hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6419) Change RPC layer to support SASL/token based mutual authentication
Date Thu, 14 Jan 2010 00:44:54 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800047#action_12800047
] 

Kan Zhang commented on HADOOP-6419:
-----------------------------------

> I suspect that all of the SASL code could be pulled into a SocketFactory and ServerSocketFactory
 [ ... ]

It would be great if we could do so. I think it's possible on the client side. However, on
the server side, since we use non-blocking IO and the RPC listener thread does all the connection
setup and reading, it won't save much even if we try to move SASL related code to a sperate
file since the listener thread still has to be aware of whether the incoming connection is
a SASL connection and act accordingly. 


> Change RPC layer to support SASL/token based mutual authentication
> ------------------------------------------------------------------
>
>                 Key: HADOOP-6419
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6419
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6419-26.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and RFC-2831).
Since J2SE 5, Sun provides a SASL implementation by default. Both our delegation token and
job token can be used as credentials for SASL DIGEST-MD5 authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message