hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-6902) RPC server's SASL_PROPS shouldn't be re-initialized every time an RPC client is created
Date Sat, 21 Aug 2010 00:12:17 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-6902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kan Zhang updated HADOOP-6902:
------------------------------

    Attachment: c6902-03.patch

Attaching a preliminary patch for review. 

1. To simplify the code, I chose the simple use model of a cluster-wide property that either
you use encryption for all your RPC connections or not. There is no support for selective
encryption on a per-connection basis. 

2. Removed splitKerberosName() method and use KerberosName class instead

3. re-factored createSaslServer methods from Server to SaslRpcServer to have better encapsulation
of SASL_PROS.

4. SASL_PROS is set according to the conf used to call UGI.setConfiguration(conf). Otherwise,
it defaults to no-encryption. Anyone sees any problem here?


> RPC server's SASL_PROPS shouldn't be re-initialized every time an RPC client is created
> ---------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6902
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6902
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc, security
>            Reporter: Kan Zhang
>         Attachments: c6902-03.patch
>
>
> SaslRpcServer.SASL_PROPS is a SASL server property and should stay constant after initialization.
In the initial implementation, we assumed all SASL clients will use the same constant value.
If different clients might use different values depending on the conf in the getProxy() call
(as current code implies), each client should have its own copy. In any case, a client shouldn't
re-initialize server's copy.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message