hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10211) Enable RPC protocol to negotiate SASL-QOP values between clients and servers
Date Fri, 14 Feb 2014 22:21:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902031#comment-13902031

Daryn Sharp commented on HADOOP-10211:

Why catch and silently ignore IllegalArgumentException?  The user wants privacy or integrity,
but typos it, it's not very secure to silently fallback to none.  I'd let the exception be

> Enable RPC protocol to negotiate SASL-QOP values between clients and servers
> ----------------------------------------------------------------------------
>                 Key: HADOOP-10211
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10211
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.2.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch,
> SASL allows different types of protection are referred to as the quality of protection
(qop). It is negotiated between the client and server during the authentication phase of the
SASL exchange. Currently hadoop allows specifying a single QOP value  via _hadoop.rpc.protection_.

> The enhancement enables a user to specify multiple QOP values -  _authentication_, _integrity_,
_privacy_ as a comma separated list via _hadoop.rpc.protection_
> The client and server can have different set of values for  _hadoop.rpc.protection_ and
they will negotiate to determine the QOP to be used for communication.

This message was sent by Atlassian JIRA

View raw message