hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Cutting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6419) Change RPC layer to support SASL/token based mutual authentication
Date Wed, 30 Dec 2009 21:22:29 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12795449#action_12795449
] 

Doug Cutting commented on HADOOP-6419:
--------------------------------------

We hope to soon replace WritableRpcEngine with something that's not so Java-specific, so that
we can easily write RPC clients and servers in languages besides Java.  The existing AvroRpcEngine
just tunnels Avro-format requests over WritableRpcEngine, and is not the language-indepdendent
client-server implementation we'll probably eventually need.  It would make this future evolution
easier if the Sasl code were as cleanly separated from the RPC engine implementation as possible.

In the current patch large chunks of Sasl-specific code are added to Client.java and Server.java,
which implement WritableRpcEngine.  Would it instead be possible to move most of this to separate
Sasl-specific files, to minimize the changes to Client.java and Server.java, and maximize
the (hopefully) reusable Sasl code?


> Change RPC layer to support SASL/token based mutual authentication
> ------------------------------------------------------------------
>
>                 Key: HADOOP-6419
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6419
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6419-26.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and RFC-2831).
Since J2SE 5, Sun provides a SASL implementation by default. Both our delegation token and
job token can be used as credentials for SASL DIGEST-MD5 authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message