Return-Path: 
 <common-issues-return-49319-apmail-hadoop-common-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 9680CCC7F
	for <apmail-hadoop-common-issues-archive@minotaur.apache.org>;
 Fri, 21 Jun 2013 18:10:24 +0000 (UTC)
Received: (qmail 69123 invoked by uid 500); 21 Jun 2013 18:10:23 -0000
Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org
Received: (qmail 68922 invoked by uid 500); 21 Jun 2013 18:10:22 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Reply-To: common-issues@hadoop.apache.org
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 68719 invoked by uid 99); 21 Jun 2013 18:10:21 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jun 2013 18:10:21 +0000
Date: Fri, 21 Jun 2013 18:10:21 +0000 (UTC)
From: "Daryn Sharp (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.12638070.1363810059559.156353.1371838221316@arcas>
In-Reply-To: <JIRA.12638070.1363810059559@arcas>
References: <JIRA.12638070.1363810059559@arcas>
Subject: [jira] [Updated] (HADOOP-9421) Convert SASL to use ProtoBuf and add
 lengths for non-blocking processing
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daryn Sharp updated HADOOP-9421:
--------------------------------

    Attachment: HADOOP-9421.patch

Only response that will ever be sent after a connection header is a RPC exception for invalid fields.  Server will not SASL respond to a client until it sends either NEGOTIATE or INITIATE.

If the client sends NEGOTIATE, the server responds with a full list of his negotiation methods.  The client has one shot to do an INITIATE before failure.

If the client sends INITIATE, and guesses wrong, the server responds with NEGOTIATE.  Again, the client now has one shot to send a valid INITIATE.

Basically the client gets one freebie to do a bad INITIATE.  Once the client has been informed of valid auth methods, it must use a valid one.  This forces authentication down a deterministic progression of states.  If the client fumbles, the authentication fails.
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira