You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Owen O'Malley (JIRA)" <ji...@apache.org> on 2013/10/01 17:12:26 UTC
[jira] [Resolved] (HDFS-3983) Hftp should support both SPNEGO and
KSSL
[ https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Owen O'Malley resolved HDFS-3983.
---------------------------------
Resolution: Won't Fix
Target Version/s: (was: )
KSSL is deprecated and should never be used for secure deployments.
> Hftp should support both SPNEGO and KSSL
> ----------------------------------------
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Eli Collins
> Assignee: Eli Collins
> Priority: Blocker
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure {{dfs.https.port}} to be the http port, otherwise the client can't fetch tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use the regular http port. Hsftp should still use the secure port, however now that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll start a separate thread about that.
--
This message was sent by Atlassian JIRA
(v6.1#6144)