hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Thu, 20 Jun 2013 18:28:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689490#comment-13689490 ]

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

I'm referring to the roundtrip your patch introduces by responding with negotiate if it's
a non-token auth.

The client can't choose the best auth, or even know the supported auths, if it's already guessed
prior to connection.  How will the client know whether the server does DIGEST-MD5 or SCRAM
for tokens?  It won't work in a mixed environment.

Eliminating use_ip is not related to the mech.  A server hint is for the token selection itself
instead of the fragile way tokens are currently selected.  Tokens are completely sensitive
to multi-interface hosts, and different hostnames for the same machine.

IP failover with a shared principal isn't an option, at least for us.  A shared principal
prevents direct communication with the HA NNs because the client will use the actual host's
principal, not the shared principal.  Which also means DNs can't heartbeat into both NNs w/o
hardcoding in the config, which may be problematic for federation + HA.

The roundtrip reduction "hack" is a feature that can be extended to any sasl mechanism that
can initiate.

The point you keep missing is +the client can't guess an auth method+ but you keep focusing
on retaining that behavior.  We need to resolve this with the offline call today.
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
