hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and provide negotiation capabilities
Date Tue, 25 Jun 2013 14:02:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693051#comment-13693051 ]

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

I'm intending for the proto/serverid to be a general way for the client to determine if it
has the required credentials to even initiate that particular auth type.  In the end, both
the SASL client & server must use the exact same values for any mechanism or the SASL
exchange will fail.

In the case of Kerberos, the GSSAPI mechanism uses the proto/serverid to communicate the service
principal's user and host.

In the case of tokens, the proto/serverid could be used to communicate info to find the
token.  Luke is right that the proto/serverid is used by DIGEST-MD5 to form digest-uri which
currently has no bearing on the authentication.  However, this info may allow a token lookup
independent of the current service lookup and the woes caused by use_ip.

With other auth methods, the provided info might form a hint as to how to obtain the needed
credentials.  For instance, the serverid might be used to provide the trusted SSO server for
SSO or identity tokens.

Again, it's a SASL requirement that the same proto/serverid must be used to instantiate the
SASL client & start.  The GSSAPI mechanism uses that information to get a service ticket.
 How we use those fields for other mechanisms like DIGEST-MD5 is up to us.
                
> Convert SASL to use ProtoBuf and provide negotiation capabilities
> -----------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 3.0.0, 2.1.0-beta, 2.2.0
>
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
>                      HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
>                      HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
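
Added example, not part of the original message and not Hadoop's code: a Python sketch of the RFC 2831 DIGEST-MD5 response calculation, showing how protocol/serverId form the digest-uri and why a client and server instantiated with different values cannot complete the exchange. It is narrowed to qop=auth without an authzid; the host names, the address and the token credentials are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values (not taken from any real cluster or token).
SAMPLE = dict(user="token-id-0001", realm="default", password="token-password",
              nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl", nc="00000001")

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_uri(protocol: str, server_id: str) -> str:
    # RFC 2831: digest-uri = serv-type "/" host
    return f"{protocol}/{server_id}"

def digest_response(user, realm, password, nonce, cnonce, nc, uri):
    """RFC 2831 section 2.1.2.1 response value for qop=auth, no authzid."""
    # A1 = H(user:realm:password) ":" nonce ":" cnonce  (H is the raw 16-byte MD5)
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    # A2 binds the digest-uri, and so protocol/serverId, into the response
    a2 = f"AUTHENTICATE:{uri}".encode()
    ha1, ha2 = _md5(a1).hex(), _md5(a2).hex()
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

def client_response(protocol, server_id, creds):
    """What a client instantiated with (protocol, server_id) sends."""
    uri = digest_uri(protocol, server_id)
    return {"digest-uri": uri, "response": digest_response(uri=uri, **creds)}

def server_verify(protocol, server_id, msg, creds):
    """Server side: the URI must name this server, then the hash must match."""
    if msg["digest-uri"] != digest_uri(protocol, server_id):
        return False
    expected = digest_response(uri=msg["digest-uri"], **creds)
    return hmac.compare_digest(expected, msg["response"])

if __name__ == "__main__":
    msg = client_response("hdfs", "nn1.example.com", SAMPLE)
    # Same protocol/serverId on both sides: the exchange succeeds.
    print(server_verify("hdfs", "nn1.example.com", msg, SAMPLE))
    # Server instantiated with an IP while the client used the host name: fails.
    print(server_verify("hdfs", "192.0.2.10", msg, SAMPLE))
```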
