giraph-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <>
Subject [jira] [Commented] (GIRAPH-211) Add secure authentication to GIRAPH IPC
Date Fri, 29 Jun 2012 17:12:44 GMT


Andrew Purtell commented on GIRAPH-211:

bq. My first understanding was that we want all the messages which go through the system to
be protected. 

What Hadoop did fundamentally is wrap their RPC with SASL at the socket level, and then could
use existing JRE support for SASL negotiation with Kerberos authentication (and transparent
encryption, etc).

Eugene could comment better, but what we did for ZooKeeper, which has IO also based on Netty,
is instead tunnel the SASL authentication handshake as an extension to the existing protocol,
and introduced a mode which requires that handshake to complete successfully before accepting
other message types which require authenticated access.
> Add secure authentication to GIRAPH IPC
> ---------------------------------------
>                 Key: GIRAPH-211
>                 URL:
>             Project: Giraph
>          Issue Type: Improvement
>            Reporter: Eugene Koontz
>            Assignee: Maja Kabiljo
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within GIRAPH. Hopefully
it would use our fast GIRAPH-37 IPC, but could also interoperate with Hadoop security.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message