giraph-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Avery Ching (JIRA)" <>
Subject [jira] [Commented] (GIRAPH-211) Add secure authentication to Netty IPC
Date Tue, 14 Aug 2012 08:23:38 GMT


Avery Ching commented on GIRAPH-211:

Eugene, this is a nice start!  A few comments/questions about the limitations:

>-Authorization is not done: that is, clients are authenticated but there are no restrictions
on their ability to do RPC on the servers.

Can't we block until the authentication is done?

>-Clients should wait for authentication before trying to do RPC - once authorization (see
above) is done, they might encounter a race where they try to do RPCs without yet being authenticated.

Same question as above?

>-Not tested on other than hadoop 2.0.1-SNAPSHOT

Would probably be nice to try on a hadoop 1.0.x if you have a chance.

>-Only works if we disable client-side channel-pooling (GIRAPH-289) and local short-circuiting
of RPCs (GIRAPH-262) - these should be configurable but currently, I hard-wired both to be

I think it's reasonable to allow short-circuiting since there isn't a security issue here
(this is the same process).  As for channel pooling, can we simply authenticate once per channel?
> Add secure authentication to Netty IPC
> --------------------------------------
>                 Key: GIRAPH-211
>                 URL:
>             Project: Giraph
>          Issue Type: Improvement
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>             Fix For: 0.2.0
>         Attachments: GIRAPH-211.patch, GIRAPH-211-proposal.txt
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within GIRAPH. Hopefully
it would use our fast GIRAPH-37 IPC, but could also interoperate with Hadoop security.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message