hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)
Date Mon, 08 Jul 2013 21:53:48 GMT
Benoy Antony created HADOOP-9709:
------------------------------------

             Summary: Add ability in Hadoop servers (Namenode, Datanode, ResourceManager )
 to support multiple QOP (Authentication , Privacy) 
                 Key: HADOOP-9709
                 URL: https://issues.apache.org/jira/browse/HADOOP-9709
             Project: Hadoop Common
          Issue Type: New Feature
            Reporter: Benoy Antony
            Assignee: Benoy Antony


Hadoop Servers currently support only one QOP for the whole cluster.
We want Hadoop servers to support different quality of protection at the same time. This will
enable different clients to use a different QOP.

A simple usecase will be to define two QOP .
1.  Authentication
2. Privacy (Privacy includes Authentication) . 

The Hadoop servers and internal clients does Authentication without incurring cost of encryption.
External clients use Privacy. 
The hadoop servers and internal clients are inside the firewall. External clients are outside
the firewall.

As an enhancement , it is possible to add  a pluggable check (eg. IP whitelist) to identify
internal and external clients.

The implementation is simple. 
Each Hadoop server listens on two ports by configuration with different QOP. 
The servers - NameNode, DataNode, ResourceManager listen on two ports (much like 80(http)
and 443(https)) for RPC and Streaming.  ApplicationMaster uses a range of ports for privacy
and non-privacy and picks up a port and QOP based on client's config.
The clients specify  the port which they are suppose to connect to. Clients specify the rpc
protection  as well encryption policy for streaming layer.

This is an umbrella jira . 
I have divided this feature into multiple small tasks. I'll add testcases once the approach
is reviewed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message