hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Thu, 20 Jun 2013 23:53:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689870#comment-13689870
] 

Luke Lu commented on HADOOP-9421:
---------------------------------

My "simple to \*" is equivalent Daryn's. Note, consecutive C -> S can be merged into one
TCP packet.

SASL to insecure
{code}
C -> S connectionHeader(SASL), INITIATE(optional initial token) 
C <- S SUCCESS
C -> S connectionContext, RPC request
{code}

SASL to secure
{code}
C -> S connectionHeader(SASL), INITIATE(optional initial token, [(TOKEN, DIGEST-MD5)])
C <- S CHALLENGE(challenge-token) or NEGOTIATE([(TOKEN, DIGEST-MD5), (KERBEROS, GSSAPI),
...])
C -> S RESPONSE(response-token) or REINITIATE(initial token, [(TOKEN, DIGEST-MD5)])
...
C <- S SUCCESS(final-token)
C -> S connectionContext, RPC request
{code}

Bottom line: my patch is a strict superset of Daryn's patch from protocol POV. The keyward
is *optional* client initiate.  Daryn's protocol can *not* support SCRAM (or any modern auths
requiring client nonce) without an extra round-trip.

Most of the credit of my patch goes to Daryn, as adding optional client initiate is simple
(only a few extra lines).
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message