Return-Path: Delivered-To: apmail-lucene-hadoop-dev-archive@locus.apache.org Received: (qmail 52162 invoked from network); 10 Nov 2007 04:36:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Nov 2007 04:36:14 -0000 Received: (qmail 96535 invoked by uid 500); 10 Nov 2007 04:36:01 -0000 Delivered-To: apmail-lucene-hadoop-dev-archive@lucene.apache.org Received: (qmail 96498 invoked by uid 500); 10 Nov 2007 04:36:01 -0000 Mailing-List: contact hadoop-dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hadoop-dev@lucene.apache.org Delivered-To: mailing list hadoop-dev@lucene.apache.org Received: (qmail 96489 invoked by uid 99); 10 Nov 2007 04:36:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Nov 2007 20:36:01 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Nov 2007 04:36:51 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id D0E7971423B for ; Fri, 9 Nov 2007 20:35:50 -0800 (PST) Message-ID: <21869297.1194669350853.JavaMail.jira@brutus> Date: Fri, 9 Nov 2007 20:35:50 -0800 (PST) From: "Raghu Angadi (JIRA)" To: hadoop-dev@lucene.apache.org Subject: [jira] Commented: (HADOOP-2184) Change RPC to provide secure communication In-Reply-To: <15899861.1194653750736.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-2184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541506 ] Raghu Angadi commented on HADOOP-2184: -------------------------------------- There are 3 issues I see here : # Encryption (SSL, etc) # Make user ticket available to RPCs (i.e. HADOOP-1701) # Authenticate the client. Are all these required for 0.16? To me, it looks like (2) is what is needed. Also isn't (3) part of the ticket? > Change RPC to provide secure communication > ------------------------------------------ > > Key: HADOOP-2184 > URL: https://issues.apache.org/jira/browse/HADOOP-2184 > Project: Hadoop > Issue Type: New Feature > Components: ipc > Affects Versions: 0.15.0 > Reporter: Tsz Wo (Nicholas), SZE > Assignee: Raghu Angadi > Fix For: 0.16.0 > > > In the current version of RPC, there is no authentication or data protection. We propose to change the RPC framework, so that secure communication is possible. > The new RPC should: > - Compatible with current RPC > - Allow a pluggable security implementations (see HADOOP-1701) > - Support both secure and non-secure modes. > Here is a rough idea: > - Store security information (e.g. username, keys) in a ticket > - Use the ticket to establish a RPC connection > - Create secure sockets by the (subclass of) SocketFactory corresponding to the selected security implementations > - Send the data and RPC parameters with the secure sockets > When authentication is supported, the RPC callee should also initialize caller information during RPC setup and execute the RPC on the caller's behalf. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.