hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9698) RPCv9 client must honor server's SASL negotiate response
Date Tue, 23 Jul 2013 18:02:49 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13716666#comment-13716666
] 

Daryn Sharp commented on HADOOP-9698:
-------------------------------------

Late last year I was working on tokens for non-secure clusters by adding the SASL PLAIN auth
- since SASL = security which would leave SIMPLE alone.  I plan to finish this work in the
near future.

I had contemplated making SIMPLE use the PLAIN mechanism to make everything SASL which makes
clients always try to get a token.  Then we could also use the authz field of SASL (we currently
set to null) to pass the effective user, thus eliminating the need for the connection context.
 I decided against it for now, since I think it can be a backwards compatible change in the
future whereby the server won't expect a connection context if the authz user is non-null.
 But I digress.
                
> RPCv9 client must honor server's SASL negotiate response
> --------------------------------------------------------
>
>                 Key: HADOOP-9698
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9698
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: ipc
>    Affects Versions: 3.0.0, 2.1.0-beta
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9698.patch
>
>
> As of HADOOP-9421, a RPCv9 server will advertise its authentication methods.  This is
meant to support features such as IP failover, better token selection, and interoperability
in a heterogenous security environment.
> Currently the client ignores the negotiate response and just blindly attempts to authenticate
instead of choosing a mutually agreeable auth method.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message