You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2021/08/31 23:40:13 UTC
[kudu] branch master updated: [docs] update security-related
limitations since 1.15.0 release
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 0bfc533 [docs] update security-related limitations since 1.15.0 release
0bfc533 is described below
commit 0bfc533bea668ac0769fd0411da06eb9eb812904
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Tue Aug 31 12:15:08 2021 -0700
[docs] update security-related limitations since 1.15.0 release
Since Kudu 1.15.0:
* TLSv1.3 is supported for Kudu RPC
* Kudu server Kerberos principals are configurable
Change-Id: Ibe05ca6ba178671f11bb33a7df85a23bb1c380b1
Reviewed-on: http://gerrit.cloudera.org:8080/17823
Tested-by: Kudu Jenkins
Reviewed-by: Bankim Bhavsar <ba...@cloudera.com>
---
docs/known_issues.adoc | 5 -----
docs/security.adoc | 3 ---
2 files changed, 8 deletions(-)
diff --git a/docs/known_issues.adoc b/docs/known_issues.adoc
index fc9c07d..0324c02 100644
--- a/docs/known_issues.adoc
+++ b/docs/known_issues.adoc
@@ -173,15 +173,10 @@ anecdotal values that have been seen in real world production clusters:
Kudu data at rest can be achieved through the use of local block device
encryption software such as `dmcrypt`.
-* Kudu server Kerberos principals must follow the pattern `kudu/<HOST>@DEFAULT.REALM`.
- Configuring an alternate Kerberos principal is not supported.
-
* Server certificates generated by Kudu IPKI are incompatible with
link:https://www.bouncycastle.org/[bouncycastle] version 1.52 and earlier. See
link:https://issues.apache.org/jira/browse/KUDU-2145[KUDU-2145] for details.
-* The highest supported version of the TLS protocol is TLSv1.2
-
== Other Known Issues
The following are known bugs and issues with the current release of Kudu. They will
diff --git a/docs/security.adoc b/docs/security.adoc
index 3f28deb..c77f1b2 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -578,9 +578,6 @@ Kudu has a few known security limitations:
// TODO(danburkert): add JIRA links for each of these.
-Custom Kerberos Principal:: Kudu does not support setting a custom service
-principal for Kudu processes. The principal must be 'kudu'.
-
External PKI:: Kudu does not support externally-issued certificates for internal
wire encryption (server to server and client to server).