Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0CAA4CF66 for ; Fri, 21 Jun 2013 06:31:26 +0000 (UTC) Received: (qmail 80713 invoked by uid 500); 21 Jun 2013 06:31:25 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 80490 invoked by uid 500); 21 Jun 2013 06:31:25 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 80356 invoked by uid 99); 21 Jun 2013 06:31:25 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jun 2013 06:31:25 +0000 Date: Fri, 21 Jun 2013 06:31:24 +0000 (UTC) From: "Daryn Sharp (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13690066#comment-13690066 ] Daryn Sharp commented on HADOOP-9421: ------------------------------------- bq. If we have to replace Digest-MD5 for security reasons, we'll be SOL. That's completely untrue. There is nothing in the protocol that would prevent SCRAM being supported. {noformat} C -> S connectionHeader(SASL) C <- S NEGOTIATE { [TOKEN, SCRAM, proto, serverId], ... } C -> S INITIATE [TOKEN] initial-response {noformat} bq. I merely want to leave the optional client initiate proto in the protocol for future optimizations In light of everything I've described, please detail what future optimization is possible? Please answer, how is the client capable of: * Guessing a supported auth * Guessing the supported mechanism for guessed auth * Based on those guesses, reliably creating a SASL client to generate a SASL response * Dealing with the mishaps when the client blows itself up trying an auth the server doesn't even support Notably, describe how you would handle the problems I detailed regarding a client failing if it even attempts kerberos with a non-kerberos server. It won't even succeed far enough to send the INITIATE. > Convert SASL to use ProtoBuf and add lengths for non-blocking processing > ------------------------------------------------------------------------ > > Key: HADOOP-9421 > URL: https://issues.apache.org/jira/browse/HADOOP-9421 > Project: Hadoop Common > Issue Type: Sub-task > Affects Versions: 2.0.3-alpha > Reporter: Sanjay Radia > Assignee: Daryn Sharp > Priority: Blocker > Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira