hadoop-common-issues mailing list archives

From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Fri, 21 Jun 2013 02:36:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689980#comment-13689980 ]

Luke Lu commented on HADOOP-9421:
---------------------------------

bq. At best the client will fail to initiate GSSAPI with the wrong principal. You'd have to
assume an exception means solicit a negotiate message to recreate the SASL client. At worst
you get the wrong service ticket and fail the negotiation. 

I think we can do better with my protocol for the insane (separate server principals for HA
servers for a logical server) fail over case:
{code}
C -> S connectionHeader, INITIATE(old-token, [KERBEROS], old-host)
C <- S NEGOTIATE([TOKEN, KERBEROS], new-host) // no exception, as the server can detect that old-host and new-host are different.
C -> S REINITIATE(new-token, KERBEROS)
...
{code}

Client can cache the server name and in steady state case:
{code}
C -> S connectionHeader, INITIATE(new-token, [KERBEROS], new-host)
C <- S CHALLENGE(final-token)
{code}

Look ma, no NEGOTIATE!


                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
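
The two exchanges in the comment above, as a small Python simulation (an added example, not code from the JIRA comment or from Hadoop). The `Msg`, `Server` and `Client` classes, the `ticket_for` stand-in for a Kerberos service ticket, the host names, and the assumption that REINITIATE is answered with CHALLENGE (the comment elides that part) are all hypothetical.

```python
from dataclasses import dataclass

def ticket_for(host):
    # Constructed stand-in for a Kerberos service ticket bound to one principal host.
    return "ticket-for-" + host

@dataclass
class Msg:
    kind: str          # INITIATE, NEGOTIATE, REINITIATE or CHALLENGE
    token: str = ""
    mechs: tuple = ()
    host: str = ""

class Server:
    def __init__(self, host, mechs=("TOKEN", "KERBEROS")):
        self.host, self.mechs = host, mechs

    def handle(self, msg):
        # Client targeted another principal's host: answer with NEGOTIATE, not an exception.
        if msg.kind == "INITIATE" and msg.host != self.host:
            return Msg("NEGOTIATE", mechs=self.mechs, host=self.host)
        # Token matches this server's principal: finish (assumed for REINITIATE as well).
        if msg.kind in ("INITIATE", "REINITIATE") and msg.token == ticket_for(self.host):
            return Msg("CHALLENGE", token="final-token")
        raise ValueError("SASL negotiation failed")

class Client:
    def __init__(self):
        self.cached_host = {}   # logical server name -> principal host last learned

    def connect(self, logical, server, default_host):
        host = self.cached_host.get(logical, default_host)
        reply = server.handle(Msg("INITIATE", ticket_for(host), ("KERBEROS",), host))
        trace = ["INITIATE", reply.kind]
        if reply.kind == "NEGOTIATE":
            if "KERBEROS" not in reply.mechs:
                raise ValueError("no common mechanism")
            host = reply.host   # rebuild the token for the principal the server named
            reply = server.handle(Msg("REINITIATE", ticket_for(host), ("KERBEROS",)))
            trace += ["REINITIATE", reply.kind]
        self.cached_host[logical] = host   # cache so the next connect skips NEGOTIATE
        return trace

if __name__ == "__main__":
    client = Client()
    active = Server("nn2.example.com")                            # constructed host names
    print(client.connect("ha-nn", active, "nn1.example.com"))     # failover case
    print(client.connect("ha-nn", active, "nn1.example.com"))     # steady state
```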
