Date: Thu, 3 Apr 2014 16:14:18 +0000 (UTC)
From: "Benoy Antony (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Updated] (HADOOP-10221) Add a plugin to specify SaslProperties for RPC protocol based on connection properties

     [ https://issues.apache.org/jira/browse/HADOOP-10221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benoy Antony updated HADOOP-10221:
----------------------------------
    Release Note:
SaslPropertiesResolver or its subclass is used to resolve the QOP used for a connection. The subclass can be specified via the "hadoop.security.saslproperties.resolver.class" configuration property. If not specified, the full set of values specified in hadoop.rpc.protection is used while determining the QOP used for the connection.
If a class is specified, then the QOP values returned by the class will be used while determining the QOP used for the connection.

Note that this change effectively removes SaslRpcServer.SASL_PROPS, which was a public variable. Any use of this variable outside Hadoop should be replaced with the following code:

    SaslPropertiesResolver saslPropsResolver = SaslPropertiesResolver.getInstance(conf);
    Map<String, String> sasl_props = saslPropsResolver.getDefaultProperties();

  was:
SaslPropertiesResolver or its subclass is used to resolve the QOP used for a connection. The subclass can be specified via the "hadoop.security.saslproperties.resolver.class" configuration property. If not specified, the full set of values specified in hadoop.rpc.protection is used while determining the QOP used for the connection.
If a class is specified, then the QOP values returned by the class will be used while determining the QOP used for the connection.

Note that this change effectively removes SaslRpcServer.SASL_PROPS, which was a public variable. Any use of this variable outside Hadoop should be replaced with the following code:

    SaslPropertiesResolver saslPropsResolver = SaslPropertiesResolver.getInstance(conf);
    Map<String, String> sasl_props = saslPropsResolver.getDefaultProperties();

> Add a plugin to specify SaslProperties for RPC protocol based on connection properties
> --------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10221
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10221
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.2.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>             Fix For: 3.0.0, 2.4.0
>
>         Attachments: HADOOP-10221.no-static.example, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch, HADOOP-10221.patch
>
>
> Add a plugin to specify SaslProperties for RPC protocol based on connection properties.
> HADOOP-10211 enables client and server to specify and support multiple QOP. Some connections need to be restricted to a specific set of QOP based on connection properties.
> E.g., connections from a client in a specific subnet need to be encrypted (QOP=privacy)

--
This message was sent by Atlassian JIRA
(v6.2#6252)