Posted to common-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2011/01/03 21:45:46 UTC

[jira] Created: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Allow SecureIO to be disabled for developer workstations
--------------------------------------------------------

                 Key: HADOOP-7083
                 URL: https://issues.apache.org/jira/browse/HADOOP-7083
             Project: Hadoop Common
          Issue Type: Improvement
          Components: native, security
    Affects Versions: 0.22.0
            Reporter: Todd Lipcon
            Assignee: Alejandro Abdelnur
            Priority: Trivial


In testing with secure Hadoop, the new requirement for native code is annoying on platforms like OSX where the native code can be tricky to get compiled and working. We should allow developers to disable this aspect of security by setting a special flag.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977104#action_12977104 ] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

Shouldn't we just fix the native code to be not-tricky?



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990719#comment-12990719 ] 

Todd Lipcon commented on HADOOP-7083:
-------------------------------------

We already have two other precedents for this type of config that I can think of off the top of my head:
- dfs.block.access.token.enable can be set false and I don't think HDFS will refuse to start.
- the MR Task Controller can be set to DefaultTaskController when other parts of security are on, and MR will still function.

Do you consider those to be bugs?

There is always a tradeoff between security and convenience, and it should be up to the user to decide where they want to be on the spectrum, so long as they are very clear they are making this kind of trade-off. By naming and describing the config clearly to indicate that they are losing security by configuring it incorrectly, then who are we to stop them?

It seems you've picked some arbitrary point on this spectrum and decided that's the only choice a user should have. I say the point is arbitrary because we haven't gone all the way -- why doesn't Hadoop refuse to start if you're running a Linux kernel with a known root escalation exploit? Why doesn't Hadoop refuse to start if its configs are on a non-kerberized NFS filer? Why doesn't Hadoop refuse to start if you aren't running SELinux? Should we refuse to accept block writes from nodes outside the cluster because DNS spoofing attacks can defeat the non-mutually-authenticated non-encrypted transport we use for the xceiver protocol?

Some organizations might choose all of the above as their policies, but it's not Hadoop's decision to enforce these things, because they're very inconvenient. If my goal is to learn about how a kerberized cluster behaves, I don't want all the hardening (and associated inconvenience) that a company storing financial information would want.

It seems there's a fundamental philosophical disagreement here rather than one about this particular JIRA. Should we bring this to a discussion on the mailing lists rather than in these specific bugs?


[jira] [Commented] (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13096500#comment-13096500 ] 

Alejandro Abdelnur commented on HADOOP-7083:
--------------------------------------------

If there is no intention of committing this JIRA we should close it


[jira] [Updated] (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alejandro Abdelnur updated HADOOP-7083:
---------------------------------------

    Resolution: Won't Fix
        Status: Resolved  (was: Patch Available)


[jira] Updated: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Todd Lipcon updated HADOOP-7083:
--------------------------------

    Status: Patch Available  (was: Open)



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990697#comment-12990697 ] 

Jakob Homan commented on HADOOP-7083:
-------------------------------------

The precedent for this type of access was also -1ed (by me) in HDFS-1150.  I'm also concerned about deviations from the standard security story for Hadoop along these lines.


[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990657#comment-12990657 ] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

> By requiring the use of native code for a basic feature like security to work, 
> Hadoop is making things quite difficult for Hadoop application developers.

I agree that this needs to be fixed, but putting what essentially is a backdoor into the code is not the right way to do it.  


[jira] Updated: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jakob Homan updated HADOOP-7083:
--------------------------------

    Priority: Major  (was: Trivial)

This is essentially adding a third state to Hadoop security: off, on and whatever-is-a-pain-for-developers-is-off.  The jsvc requirements would also fall under this category.  This is not a trivial change since misconfiguration could leave the system saying it's secure, when it's not.  Before this goes in, I'd like to get the MR side of HADOOP-6822 in and provide information there, as well as in a warning log message, that the JT/TT/etc are in essentially debug mode, to give a clue as soon as possible.  Particularly so since the name of the new method, {{isInsecureDeveloperModeEnabled()}} implies other aspects of security may be futzed with in the future (if this is not the intent, the method name should be changed).

Note: this is not a code review.  A complete one is still required before this may be committed.
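
The failure mode discussed in this thread (a cluster that reports Kerberos security as on while individual protections are switched off), as an added example that is not part of any comment or of the attached patch. It audits a Hadoop-style site XML for the two precedents Todd Lipcon names and for a developer-mode switch, and produces the early warning Jakob Homan asks for. Assumptions: the XML is constructed, `example.insecure.developer.mode` is a hypothetical key (the thread never names the patch's property), and `hadoop.security.authentication` and `mapred.task.tracker.task-controller` are Hadoop property names of that era that the thread does not quote.

```python
import xml.etree.ElementTree as ET

AUTH_KEY = "hadoop.security.authentication"
TOKEN_KEY = "dfs.block.access.token.enable"            # named in the thread
CONTROLLER_KEY = "mapred.task.tracker.task-controller"  # assumed key name
DEV_MODE_KEY = "example.insecure.developer.mode"        # hypothetical key

# Constructed sample: Kerberos is on, three protections are off.
SAMPLE_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>dfs.block.access.token.enable</name><value>false</value></property>
  <property>
    <name>mapred.task.tracker.task-controller</name>
    <value>org.apache.hadoop.mapred.DefaultTaskController</value>
  </property>
  <property><name>example.insecure.developer.mode</name><value>true</value></property>
</configuration>
"""


def parse_site_xml(text):
    """Return {name: value}; a later definition wins unless an earlier one is final."""
    conf, final = {}, set()
    for prop in ET.fromstring(text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if not name or name in final:
            continue
        conf[name] = (prop.findtext("value") or "").strip()
        if (prop.findtext("final") or "").strip().lower() == "true":
            final.add(name)
    return conf


def _is_true(conf, key, default=False):
    raw = conf.get(key)
    return default if raw is None else raw.strip().lower() == "true"


def _kerberos_on(conf):
    # Hadoop's default authentication mode is "simple" (no Kerberos).
    return conf.get(AUTH_KEY, "simple").strip().lower() == "kerberos"


def audit(conf):
    """List settings that weaken a configuration which claims Kerberos security."""
    if not _kerberos_on(conf):
        return []
    findings = []
    # An absent key is treated as false, the shipped default.
    if not _is_true(conf, TOKEN_KEY):
        findings.append(TOKEN_KEY + " is not true: block access tokens are not enforced")
    # An absent key is treated as the default controller.
    controller = conf.get(CONTROLLER_KEY, "DefaultTaskController")
    if controller.rsplit(".", 1)[-1] == "DefaultTaskController":
        findings.append(CONTROLLER_KEY + " is DefaultTaskController: "
                        "tasks run as the TaskTracker user, not the submitting user")
    if _is_true(conf, DEV_MODE_KEY):
        findings.append(DEV_MODE_KEY + " is true: developer mode bypasses a security requirement")
    return findings


def effective_state(conf):
    """Make the 'third state' explicit: 'off', 'on' or 'degraded'."""
    if not _kerberos_on(conf):
        return "off"
    return "degraded" if audit(conf) else "on"


def startup_banner(conf):
    """Warning lines a daemon could log first thing at startup."""
    findings = audit(conf)
    if not findings:
        return []
    head = "WARN security is enabled but DEGRADED (%d finding(s))" % len(findings)
    return [head] + ["WARN   - " + f for f in findings]


if __name__ == "__main__":
    sample = parse_site_xml(SAMPLE_SITE_XML)
    print("effective security state:", effective_state(sample))
    for line in startup_banner(sample):
        print(line)
```
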



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12978199#action_12978199 ] 

Hadoop QA commented on HADOOP-7083:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12467361/hadoop-7083.txt
  against trunk revision 1055206.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs (version 1.3.9) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

    +1 system test framework.  The patch passed system test framework compile.

Test results: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/157//testReport/
Findbugs warnings: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/157//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/157//console

This message is automatically generated.



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977124#action_12977124 ] 

Todd Lipcon commented on HADOOP-7083:
-------------------------------------

Allen: Some people just don't want to install gcc/autotools/etc on their Macs. It's not that the native code is that bad, it's just a pain on platforms like OSX and not worth it when no one plans to deploy on OSX. If you want to contribute a patch that improves that platform, I don't think anyone's against it, but a simple config switch is certainly easier.



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991607#comment-12991607 ] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

> Do you consider those to be bugs?

I'll have to look at the specifics of those two settings, but chances are, yes, they should not have been committed if we want to take security seriously.  

If dfs.block.access.token.enable is the one that I think it is, it likely should have been held off until we had a real solution (something commit-able) to run the datanode on a privileged port rather than adding it as a "something we might use some day".  (Yes, I'm fully aware that this hurts myself more than maybe anyone else, given that Solaris has supported privilege delegation for quite some time now.)

> straw men

> If my goal is to learn about how a kerberized cluster behaves, I don't want all the 
> hardening (and associated inconvenience) that a company storing financial 
> information would want.

But you do want a realistic environment, including the setup pain. So that includes the ten minutes to compile native code.

> Should we bring this to a discussion on the mailing lists rather than in these specific bugs?

Feel free.


[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12989479#comment-12989479 ] 

Alejandro Abdelnur commented on HADOOP-7083:
--------------------------------------------

This patch enables developers to work with Hadoop with Kerberos ON in platforms for which native code is not available. I.e. many developers use Macs, and they just download the Hadoop binary, they don't build it. Hadoop binaries don't ship with Mac native code.

As Hadoop with Security becomes more popular this will become a bigger issue.

Regarding the name of the method/property, we could change it to allow.non.privileged.port or something like that.



[jira] Updated: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Todd Lipcon updated HADOOP-7083:
--------------------------------

    Attachment: hadoop-7083.txt

Uploading patch originally contributed by Alejandro.



[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12989938#comment-12989938 ] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

At this point, I'm -1 on this patch.

The more and more I think about it, the more and more I view this as a bad hack that shouldn't go into the core code.  If SecureIO requires native code, it requires native code. Developers and users who want to work with Hadoop with the identity features enabled need to work with it as it is intended to be run.  Otherwise we end up with "it works on my machine!" scenarios.


[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12996865#comment-12996865 ] 

Hadoop QA commented on HADOOP-7083:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12467361/hadoop-7083.txt
  against trunk revision 1071364.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs (version 1.3.9) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

    +1 system test framework.  The patch passed system test framework compile.

Test results: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/249//testReport/
Findbugs warnings: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/249//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/249//console

This message is automatically generated.


[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990428#comment-12990428 ] 

Alejandro Abdelnur commented on HADOOP-7083:
--------------------------------------------

Allen,

Developers that work on Hadoop applications (on top of Hadoop, not Hadoop itself) normally download and use a Hadoop binary distribution, they don't build it.

By requiring the use of native code for a basic feature like security to work, Hadoop is making things quite difficult for Hadoop application developers.

The alternative would be to make sure that Hadoop bundles native libraries for the most common developer platforms.

I'd be happy either way, but I think that how things are it is not (or it will soon be not) a reasonable thing for Hadoop application developers.

Or any other idea on how to solve this?




