[docs] update security-related limitations since 1.15.0 release

Since Kudu 1.15.0: * TLSv1.3 is supported for Kudu RPC * Kudu server Kerberos principals are configurable Change-Id: Ibe05ca6ba178671f11bb33a7df85a23bb1c380b1 Reviewed-on: http://gerrit.cloudera.org:8080/17823 Tested-by: Kudu Jenkins Reviewed-by: Bankim Bhavsar <[email protected]>
cutiechi · Aug 31, 2021 · 0bfc533 · 0bfc533
1 parent 05ae60a
commit 0bfc533
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 8 deletions.
diff --git a/docs/known_issues.adoc b/docs/known_issues.adoc
@@ -173,15 +173,10 @@ anecdotal values that have been seen in real world production clusters:
   Kudu data at rest can be achieved through the use of local block device
   encryption software such as `dmcrypt`.
 
-* Kudu server Kerberos principals must follow the pattern `kudu/<HOST>@DEFAULT.REALM`.
-  Configuring an alternate Kerberos principal is not supported.
-
 * Server certificates generated by Kudu IPKI are incompatible with
   link:https://www.bouncycastle.org/[bouncycastle] version 1.52 and earlier. See
   link:https://issues.apache.org/jira/browse/KUDU-2145[KUDU-2145] for details.
 
-* The highest supported version of the TLS protocol is TLSv1.2
-
 == Other Known Issues
 
 The following are known bugs and issues with the current release of Kudu. They will

diff --git a/docs/security.adoc b/docs/security.adoc
@@ -578,9 +578,6 @@ Kudu has a few known security limitations:
 
 // TODO(danburkert): add JIRA links for each of these.
 
-Custom Kerberos Principal:: Kudu does not support setting a custom service
-principal for Kudu processes. The principal must be 'kudu'.
-
 External PKI:: Kudu does not support externally-issued certificates for internal
 wire encryption (server to server and client to server).