From: "Raghu Angadi (JIRA)"
To: hadoop-dev@lucene.apache.org
Date: Mon, 19 Nov 2007 14:19:43 -0800 (PST)
Subject: [jira] Commented: (HADOOP-2184) RPC Support for user permissions and authentication.

[ https://issues.apache.org/jira/browse/HADOOP-2184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12543710 ]

Raghu Angadi commented on HADOOP-2184:
--------------------------------------

> You've changed the public API for parallel calls incompatibly. This is used by Nutch.

Sure. Will keep the public API for parallel calls compatible. I was wondering where it was used outside the unit tests.

> I'm also confused about exactly why you need the InternalInvoker. Why can't this be done in the same way as the VersionedProtocol stuff?

We need to invoke an RPC (to send ticket) inside normal RPC. In order to use the regular Invoker (in RPC.java), we could have a constructor flag so that it knows it needs to do a subset of normal functionality for this case... InternalInvoker does not need conf and should not do anything related to finding and setting up a connection. It just invokes an RPC.

> RPC Support for user permissions and authentication.
> ----------------------------------------------------
>
>                 Key: HADOOP-2184
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2184
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: ipc
>    Affects Versions: 0.15.0
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Raghu Angadi
>             Fix For: 0.16.0
>
>         Attachments: HADOOP-2184-demo.patch
>
>
> Update 11/13/2007: What is proposed for 0.16.0 :
> The client can set a user ticket (as defined in HADOOP-1701) for each connection and that ticket is made available to RPC calls at the server. The client can replace the ticket at any time. The main advantage is that the rest of the client RPCs don't need to be aware of the user tickets.
> What RPC would ideally support in future :
> In the current version of RPC, there is no authentication or data protection.
> We propose to change the RPC framework, so that secure communication is possible.
> The new RPC should:
> - Be compatible with current RPC
> - Allow pluggable security implementations (see HADOOP-1701)
> - Support both secure and non-secure modes.
> Here is a rough idea:
> - Store security information (e.g. username, keys) in a ticket
> - Use the ticket to establish an RPC connection
> - Create secure sockets by the (subclass of) SocketFactory corresponding to the selected security implementations
> - Send the data and RPC parameters with the secure sockets
> When authentication is supported, the RPC callee should also initialize caller information during RPC setup and execute the RPC on the caller's behalf.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
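
The 0.16.0 proposal quoted in the message above (a ticket set per connection, replaceable by the client, and made available to each RPC call at the server) can be modelled as below. This is an added example, not Hadoop code and not the HADOOP-2184 patch: `Ticket`, `Connection`, `Server`, `dispatch` and `currentTicket` are hypothetical names, and binding the ticket through a thread-local is an assumption about how a server could expose it to handlers (Java 16+ for `record`).

```java
// Hypothetical model, not Hadoop's ipc classes: one ticket per connection,
// bound to the handler thread only for the duration of each call.
public class TicketPerConnectionDemo {
    /** Constructed stand-in for the HADOOP-1701 user ticket. */
    record Ticket(String user) {}

    /** Server-side state for one client connection. */
    static final class Connection {
        private volatile Ticket ticket;           // null until the client sends one
        void setTicket(Ticket t) { ticket = t; }  // models the internal "send ticket" call
        Ticket ticket() { return ticket; }
    }

    static final class Server {
        private static final ThreadLocal<Ticket> CURRENT = new ThreadLocal<>();

        /** What a handler calls to learn which ticket the connection carries. */
        static Ticket currentTicket() { return CURRENT.get(); }

        /** Dispatch one call: bind the connection's ticket, run, always unbind. */
        String dispatch(Connection c, String method) {
            CURRENT.set(c.ticket());
            try {
                return handle(method);
            } finally {
                CURRENT.remove();  // handler threads are pooled; never leak a ticket
            }
        }

        private String handle(String method) {
            Ticket t = currentTicket();
            if (t == null) return method + ": denied (no ticket on connection)";
            return method + ": run as " + t.user();
        }
    }

    public static void main(String[] args) {
        Server server = new Server();
        Connection conn = new Connection();
        System.out.println(server.dispatch(conn, "getListing")); // before any ticket
        conn.setTicket(new Ticket("alice"));
        System.out.println(server.dispatch(conn, "getListing"));
        conn.setTicket(new Ticket("bob"));  // client replaces the ticket mid-connection
        System.out.println(server.dispatch(conn, "delete"));
        System.out.println(Server.currentTicket()); // read outside dispatch()
    }
}
```

In this model the ticket is whatever the client sets on the connection; nothing verifies it, which matches the quoted description's statement that the current RPC has no authentication or data protection.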