hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Fri, 14 Jun 2013 23:06:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683896#comment-13683896
] 

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

Given today's network speeds, I'm not going to fret over a handful of bytes that greatly enhance
the design of the authentication layer.

I did extensive testing with a more advanced follow on patch that instantiates the SASL client
upon receipt of the NEGOTIATE.  That patch resulted in an average 1% penalty and a median
2% penalty to the first RPC call using kerberos authentication - which translates to less
than 10ms.  That held true while issuing concurrent calls up until the number of socket readers.
 Once the number of socket readers is exceeded, performance drops off so sharply that any
penalty is lost in the statistical noise.

Assuming the penalty is entirely due to the additional NEGOTIATE response, I can likely erase
it by removing the unnecessary connection context.  We're passing null for the SASL authz
user when it could be the effective user.  SIMPLE is the only "auth" that actually requires
the context context, but that could be a special case (as it already is in many ways) or could
be replaced with SASL PLAIN which simply sends the effective and real user separated by null
bytes.

Note this patch does have a minor issue with kerberos where the client is confused about the
state of negotiation after it completes.

                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message