You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2021/08/31 23:40:13 UTC

[kudu] branch master updated: [docs] update security-related limitations since 1.15.0 release

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new 0bfc533  [docs] update security-related limitations since 1.15.0 release
0bfc533 is described below

commit 0bfc533bea668ac0769fd0411da06eb9eb812904
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Tue Aug 31 12:15:08 2021 -0700

    [docs] update security-related limitations since 1.15.0 release
    
    Since Kudu 1.15.0:
      * TLSv1.3 is supported for Kudu RPC
      * Kudu server Kerberos principals are configurable
    
    Change-Id: Ibe05ca6ba178671f11bb33a7df85a23bb1c380b1
    Reviewed-on: http://gerrit.cloudera.org:8080/17823
    Tested-by: Kudu Jenkins
    Reviewed-by: Bankim Bhavsar <ba...@cloudera.com>
---
 docs/known_issues.adoc | 5 -----
 docs/security.adoc     | 3 ---
 2 files changed, 8 deletions(-)

diff --git a/docs/known_issues.adoc b/docs/known_issues.adoc
index fc9c07d..0324c02 100644
--- a/docs/known_issues.adoc
+++ b/docs/known_issues.adoc
@@ -173,15 +173,10 @@ anecdotal values that have been seen in real world production clusters:
   Kudu data at rest can be achieved through the use of local block device
   encryption software such as `dmcrypt`.
 
-* Kudu server Kerberos principals must follow the pattern `kudu/<HOST>@DEFAULT.REALM`.
-  Configuring an alternate Kerberos principal is not supported.
-
 * Server certificates generated by Kudu IPKI are incompatible with
   link:https://www.bouncycastle.org/[bouncycastle] version 1.52 and earlier. See
   link:https://issues.apache.org/jira/browse/KUDU-2145[KUDU-2145] for details.
 
-* The highest supported version of the TLS protocol is TLSv1.2
-
 == Other Known Issues
 
 The following are known bugs and issues with the current release of Kudu. They will
diff --git a/docs/security.adoc b/docs/security.adoc
index 3f28deb..c77f1b2 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -578,9 +578,6 @@ Kudu has a few known security limitations:
 
 // TODO(danburkert): add JIRA links for each of these.
 
-Custom Kerberos Principal:: Kudu does not support setting a custom service
-principal for Kudu processes. The principal must be 'kudu'.
-
 External PKI:: Kudu does not support externally-issued certificates for internal
 wire encryption (server to server and client to server).