Sailesh Mukil has posted comments on this change. Change subject: [security] adjust TLS certificate verification ......................................................................
Patch Set 3: > (1 comment) We will still be using Kerberos + TLS for now. I went over the change and the only difference between this and our current behavior is that in Impala, even though kerberos is set up, the TLS client certs will be verified, although I do agree that is redundant. It looks like this should be transparent enough that Impala users will not notice the change of not verifying client certs when Kerberos is enabled, while having the same security guarantees. That being said, I'm not sure if its safe for Impala to pick this up without getting a few of the other patches that we probably won't pick up immediately (TLS feature negotiation, internal CA, etc.). -- To view, visit http://gerrit.cloudera.org:8080/5865 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Id3b1698ccd8434b8d40d567e9d0fa506e4cdc0ca Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: No
