hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Wed, 29 May 2013 20:22:22 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669681#comment-13669681
] 

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

I still think there's confusion here.  I'm not proposing per-call SASL.  The SASL negotiation
sequence is wrapped in a fake callId in response to the connection header.  It will simplify
the client & server and open future possibilities.

The session idea is interesting, but it closes the door on the server requiring multiple mechanism
- ex. with all the other auth suggestions, maybe if the server auths a token, it will want
to demand auth of an identity token or similar.

I'm not sure using proxy/super-user authentication is desirable for multiplexing.  If I have
a process servicing multiple UGIs, I doesn't necessarily want that process to have hdfs "root"
privileges.  I want each multiplexed connection to use its specific token.  For multiplexing
to be feasible and remain async, the server must be able to determine what each received packet
is - rpc call or sasl auth call.
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message