hadoop-common-issues mailing list archives

From "Jiajia Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12911) Upgrade Hadoop MiniKDC with Kerby
Date Fri, 01 Apr 2016 10:58:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15221543#comment-15221543 ]

Jiajia Li commented on HADOOP-12911:

Hi Kai,
Thanks for your review.
1. Yes, the dependency can be cleaned up in the next release.
2. If KeyProvider.DEFAULT_BITLENGTH_NAME is 64, there will be an exception: java.security.InvalidParameterException:
Wrong keysize: must be equal to 128, 192 or 256
3. I will revert the removal because the latest patch has some compile errors. They will
not be removed in the next patch.
4. The krb5.conf will be used by other tests (which do not use the MiniKDC), such as "TestClientRMTokens",
so "default_realm" cannot be set by SimpleKDC. But after changing the code of SimpleKDC,
I think resetDefaultRealm can be removed.
5. You are right, this can be improved in Kerby SimpleKDC.

> Upgrade Hadoop MiniKDC with Kerby
> ---------------------------------
>                 Key: HADOOP-12911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12911
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: test
>            Reporter: Jiajia Li
>            Assignee: Jiajia Li
>         Attachments: HADOOP-12911-v1.patch, HADOOP-12911-v2.patch, HADOOP-12911-v3.patch,
HADOOP-12911-v4.patch, HADOOP-12911-v5.patch
> As discussed in the mailing list, we’d like to introduce Apache Kerby into Hadoop.
Initially it’s good to start with upgrading Hadoop MiniKDC with Kerby offerings. Apache
Kerby (https://github.com/apache/directory-kerby), as an Apache Directory sub project, is
a Java Kerberos binding. It provides a SimpleKDC server that borrowed ideas from MiniKDC and
implemented all the facilities existing in MiniKDC. Currently MiniKDC depends on the old Kerberos
implementation in the Directory Server project, but that implementation is no longer being maintained.
The Directory community has a plan to replace the implementation using Kerby. MiniKDC can use
Kerby SimpleKDC directly to avoid depending on the full Directory project. Kerby also provides
nice identity backends such as the lightweight memory based one and the very simple json one
for easy development and test environments.
