elek commented on issue #751: HDDS-3321. Prometheus endpoint should not have Authentication filter … URL: https://github.com/apache/hadoop-ozone/pull/751#issuecomment-607806945 One alternative approach is using token based or basic auth based authentication instead of SPNEGO. They seems to be supported by prometheus. Not sure about the risk of this patch, as (in case of separated storage and execution) the webport also can be guarded with ip based firewall rules (they are not required for the users). But would be great to hear the opinion of a security expert...
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
