hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10863) KMS should have a blacklist for decrypting EEKs
Date Tue, 02 Sep 2014 08:34:21 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Arun Suresh updated HADOOP-10863:
---------------------------------
    Attachment: HADOOP-10863.4.patch

Updating patch. Thanks [~tucu00] and [~benoyantony] for the reviews..

[~benoyantony], wrt to normalizing the acl configuration parameters, I guess having a separate
JIRA would be better since it would impact [HADOOP-10758|https://issues.apache.org/jira/browse/HADOOP-10758]
as well.
I have created [HADOOP-11046|https://issues.apache.org/jira/browse/HADOOP-11046] to track
this.

> KMS should have a blacklist for decrypting EEKs
> -----------------------------------------------
>
>                 Key: HADOOP-10863
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10863
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10863.1.patch, HADOOP-10863.2.patch, HADOOP-10863.3.patch,
HADOOP-10863.4.patch
>
>
> In particular, we'll need to put HDFS admin user there by default to prevent an HDFS
admin from getting file encryption keys.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message