sqoop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "richard zhou" <richard.z...@intel.com>
Subject Re: Review Request 28834: SQOOP-1755: Sqoop2: Security guide
Date Wed, 10 Dec 2014 07:09:22 GMT


> On Dec. 9, 2014, 4:16 p.m., Abraham Elmahrek wrote:
> > docs/src/site/sphinx/KerberosOnSqoop2.rst, line 72
> > <https://reviews.apache.org/r/28834/diff/1/?file=786283#file786283line72>
> >
> >     "All components in the Hadoop ecosystem must be kerberized"?
> >     
> >     I believe non-kerberized data sources are still supported.

If hdfs is Kerberized, other components MUST be Kerberized, or they could not communicate
with each other.


> On Dec. 9, 2014, 4:16 p.m., Abraham Elmahrek wrote:
> > docs/src/site/sphinx/KerberosOnSqoop2.rst, line 110
> > <https://reviews.apache.org/r/28834/diff/1/?file=786283#file786283line110>
> >
> >     "export SQOOP2_HOST=$(hostname -f)" using shell expansion?

good idea


> On Dec. 9, 2014, 4:16 p.m., Abraham Elmahrek wrote:
> > docs/src/site/sphinx/KerberosOnSqoop2.rst, line 85
> > <https://reviews.apache.org/r/28834/diff/1/?file=786283#file786283line85>
> >
> >     I beliee <FQDN> in the principal is actually an "instance" string. In
hadoop world, the "instance" string should be the FQDN because it's used by hadoop-auth to
resolve service locations.
> >     
> >     Given this, can we add a comment describing why FQDN is used in the "instance"
string?

I did not catch your meaning.


- richard


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/28834/#review64377
-----------------------------------------------------------


On Dec. 9, 2014, 2:19 a.m., richard zhou wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/28834/
> -----------------------------------------------------------
> 
> (Updated Dec. 9, 2014, 2:19 a.m.)
> 
> 
> Review request for Sqoop.
> 
> 
> Repository: sqoop-sqoop2
> 
> 
> Description
> -------
> 
> Given Kerberos has been implemented and sqoop2 now provides SPNEGO, it would be nice
to have a security guide which explains the following:
> Features.
> High level design.
> Usage.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/sphinx/KerberosOnSqoop2.rst PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/28834/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> richard zhou
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message