giraph-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Koontz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GIRAPH-211) Add secure authentication to Netty IPC
Date Tue, 18 Sep 2012 18:08:08 GMT

    [ https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458009#comment-13458009
] 

Eugene Koontz commented on GIRAPH-211:
--------------------------------------

My apologies for the delay. I am in the final stages : getting it to compile on all supported
Hadoop versions and fixing checkstyle errors. I have the SASL code implemented as a ChannelHandler
as we discussed. Here's what the pipeline looks like on the client side, showing both authenticated
and non-authenticated cases:

{code:title=NettyClient.java}
   // Set up the pipeline factory.
    bootstrap.setPipelineFactory(new ChannelPipelineFactory() {
      @Override
      public ChannelPipeline getPipeline() throws Exception {
        if (conf.getBoolean(GiraphJob.AUTHENTICATE,
            GiraphJob.DEFAULT_AUTHENTICATE)) {
          LOG.info("Using Netty with authentication.");

          // Our pipeline starts with just byteCounter, and then we use
          // addAfter() to incrementally add pipeline elements, so that we can
          // name them for identification for removal or replacement after
          // client is authenticated by server.
          ChannelPipeline pipeline = Channels.pipeline(
              byteCounter);

          // After authentication finishes, the following is replaced with
          // FixedLengthFrameDecoder (as in non-auth pipeline below):
          pipeline.addLast("length-field-based-frame-decoder",
              new LengthFieldBasedFrameDecoder(1024, 0, 4, 0, 4));

          pipeline.addLast("request-encoder", new RequestEncoder());

          // After authentication finishes, the following is removed:
          pipeline.addLast("sasl-client-handler",
              new SaslClientHandler(conf));

          pipeline.addLast("response-handler",
              new ResponseClientHandler(clientRequestIdRequestInfoMap, conf));
          return pipeline;
        } else {
          LOG.info("Using Netty without authentication.");
          return Channels.pipeline(
              byteCounter,
              new FixedLengthFrameDecoder(RequestServerHandler.RESPONSE_BYTES),
              new RequestEncoder(),
              new ResponseClientHandler(clientRequestIdRequestInfoMap, conf));
        }
      }
    });
{code}
                
> Add secure authentication to Netty IPC
> --------------------------------------
>
>                 Key: GIRAPH-211
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-211
>             Project: Giraph
>          Issue Type: Improvement
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>             Fix For: 0.2.0
>
>         Attachments: GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch,
GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211-proposal.txt
>
>
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within GIRAPH. Hopefully
it would use our fast GIRAPH-37 IPC, but could also interoperate with Hadoop security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message