hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing
Date Fri, 21 Jun 2013 06:31:24 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13690066#comment-13690066 ]

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

bq. If we have to replace Digest-MD5 for security reasons, we'll be SOL.

That's completely untrue.  There is nothing in the protocol that would prevent SCRAM being
supported.

{noformat}
C -> S connectionHeader(SASL)
C <- S NEGOTIATE { [TOKEN, SCRAM, proto, serverId], ... }
C -> S INITIATE [TOKEN] initial-response
{noformat}

bq. I merely want to leave the optional client initiate proto in the protocol for future optimizations

In light of everything I've described, please detail what future optimization is possible?

Please answer, how is the client capable of:
* Guessing a supported auth
* Guessing the supported mechanism for guessed auth
* Based on those guesses, reliably creating a SASL client to generate a SASL response
* Dealing with the mishaps when the client blows itself up trying an auth the server doesn't even support

Notably, describe how you would handle the problems I detailed regarding a client failing
if it even attempts Kerberos with a non-Kerberos server.  It won't even succeed far enough
to send the INITIATE.
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
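
An added illustration, not part of the original message and not Hadoop code: a small Python model of the server-first exchange sketched in the comment, where the client chooses from the advertised `[method, mechanism, proto, serverId]` entries instead of guessing. The names `SaslAuth`, `build_initiate` and `negotiate`, the `hdfs`/`nn1` values and the rule that a client cannot build a SASL client without the server's identity are assumptions of this model.

```python
from typing import NamedTuple, Sequence, Set


class SaslAuth(NamedTuple):
    """One NEGOTIATE entry, in the order shown above: [method, mechanism, proto, serverId]."""
    method: str
    mechanism: str
    protocol: str
    server_id: str


class NegotiationError(Exception):
    """Raised when no SASL client can be built for an auth entry."""


def build_initiate(auth: SaslAuth, credentials: Set[str], mechanisms: Set[str]) -> str:
    """Hypothetical stand-in for creating a SASL client and its initial response."""
    if auth.method not in credentials:
        raise NegotiationError(f"client holds no {auth.method} credential")
    if auth.mechanism not in mechanisms:
        raise NegotiationError(f"client does not implement {auth.mechanism}")
    if not (auth.protocol and auth.server_id):
        # Assumption of this model: the server's identity is only known from NEGOTIATE.
        raise NegotiationError(f"{auth.mechanism} needs proto/serverId from the server")
    return f"INITIATE [{auth.method}] {auth.mechanism} {auth.protocol}/{auth.server_id}"


def negotiate(advertised: Sequence[SaslAuth], credentials: Set[str], mechanisms: Set[str]) -> str:
    """Walk the server's list in its preference order; use the first workable entry."""
    for auth in advertised:
        try:
            return build_initiate(auth, credentials, mechanisms)
        except NegotiationError:
            continue
    raise NegotiationError("server advertised nothing this client can use")


# Constructed NEGOTIATE lists: a server before and after SCRAM is added next to DIGEST-MD5.
LEGACY = [SaslAuth("TOKEN", "DIGEST-MD5", "hdfs", "nn1")]
UPGRADED = [SaslAuth("TOKEN", "SCRAM", "hdfs", "nn1"), *LEGACY]

if __name__ == "__main__":
    print(negotiate(UPGRADED, {"TOKEN"}, {"SCRAM", "DIGEST-MD5"}))  # new client
    print(negotiate(UPGRADED, {"TOKEN"}, {"DIGEST-MD5"}))           # old client
    try:  # a client guessing Kerberos before it has seen any NEGOTIATE
        build_initiate(SaslAuth("KERBEROS", "GSSAPI", "", ""), {"KERBEROS"}, {"GSSAPI"})
    except NegotiationError as err:
        print("guess failed before INITIATE:", err)
```

In this model the same exchange serves both old and new clients once SCRAM is advertised, and the guessed Kerberos attempt fails locally before any INITIATE could be sent.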
