Date: Mon, 31 Mar 2014 23:37:16 +0000 (UTC)
From: "Benoy Antony (JIRA)"
To: common-dev@hadoop.apache.org
Subject: [jira] [Resolved] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)

[ https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benoy Antony resolved HADOOP-9709.
----------------------------------

Resolution: Duplicate
Release Note: resolved via HDFS_5910 and HADOOP-10221

> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9709
> URL: https://issues.apache.org/jira/browse/HADOOP-9709
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Benoy Antony
> Assignee: Benoy Antony
>
> Hadoop servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different qualities of protection at the same time. This will enable different clients to use different QOP.
> A simple use case:
> Let each Hadoop server support two QOP.
> 1. Authentication
> 2. Privacy (Privacy includes Authentication).
> The Hadoop servers and internal clients do Authentication without incurring the cost of encryption. External clients use Privacy.
> The Hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
> As an enhancement, it is possible to add a pluggable check (e.g. IP whitelist) to identify internal and external clients.
> The implementation is simple.
> Each Hadoop server listens on multiple ports by configuration with different QOP.
> For the use case mentioned above, the servers - NameNode, DataNode, ResourceManager - listen on two ports (much like 80 (http) and 443 (https)) for RPC and Streaming. ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on the client's config for client communication.
> The clients specify the port which they are supposed to connect to. Clients specify the RPC protection as well as the encryption policy for the streaming layer.
> This is an umbrella JIRA.
> I have divided this feature into multiple small tasks. I'll add test cases once the approach is reviewed.

-- This message was sent by Atlassian JIRA (v6.2#6252)
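
The pluggable check mentioned in the issue (an IP whitelist that separates internal from external clients) could look like the following added example. It is not code from the issue or from Hadoop; the class name, method names and sample networks are assumptions, and the issue's Authentication and Privacy levels are mapped to the standard SASL QOP values "auth" and "auth-conf".

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.*;
import javax.security.sasl.Sasl;

/** Hypothetical pluggable check: chooses the SASL QOP from the client address. */
public class WhitelistQopSelector {
    private final List<byte[]> networks = new ArrayList<>();
    private final List<Integer> prefixes = new ArrayList<>();

    /** cidrs are the internal networks, each written as literal-address/prefix. */
    public WhitelistQopSelector(List<String> cidrs) throws UnknownHostException {
        for (String cidr : cidrs) {
            String[] parts = cidr.trim().split("/");
            byte[] net = InetAddress.getByName(parts[0]).getAddress();
            int prefix = Integer.parseInt(parts[1]);
            if (prefix < 0 || prefix > net.length * 8) throw new IllegalArgumentException(cidr);
            networks.add(net);
            prefixes.add(prefix);
        }
    }

    private static boolean inNetwork(byte[] addr, byte[] net, int prefix) {
        if (addr.length != net.length) return false;   // an IPv4 entry never matches IPv6
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
        }
        return true;
    }

    /** Returns SASL properties for one connection; unlisted clients get Privacy. */
    public Map<String, String> saslPropsFor(InetAddress client) {
        String qop = "auth-conf";                       // Privacy is the fail-safe default
        for (int i = 0; i < networks.size(); i++) {
            if (inNetwork(client.getAddress(), networks.get(i), prefixes.get(i))) {
                qop = "auth";                           // Authentication only, no encryption
                break;
            }
        }
        return Collections.singletonMap(Sasl.QOP, qop);
    }
    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample networks and clients, not taken from the issue.
        WhitelistQopSelector s =
            new WhitelistQopSelector(Arrays.asList("10.20.0.0/16", "192.168.5.0/24"));
        for (String ip : new String[] {"10.20.3.7", "192.168.6.1", "203.0.113.9"}) {
            System.out.println(ip + " -> " + s.saslPropsFor(InetAddress.getByName(ip)));
        }
    }
}
```

Defaulting to Privacy means a missing or mistyped whitelist entry costs encryption overhead rather than exposing traffic in the clear.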