hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "kartheek muthyala (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13836) Securing Hadoop RPC using SSL
Date Mon, 28 Nov 2016 15:21:58 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

kartheek muthyala updated HADOOP-13836:
---------------------------------------
    Attachment: HADOOP-13836.patch

Hi all,
We are submitting an initial version of the patch for a preliminary review. We have tested
this patch on a bunch of long running jobs, and the performance is decent. We will publish
some performance numbers soon. Feel free to enhance the patch. 

This patch contains 
1. Reorganization of IPC Server and Client classes to make them more extensible. The changes
are
a. A new ListenerFactory class that can dynamically instantiate appropriate listener based
on the configuration.
b. A new AbstractListener class that abstracts the common functionalities of different listeners.
c. ConnectionFactory class to instantiate an appropriate connection class in Server and Client
classes

2. Implementation of SSL layer in Server.java class
3. Implementation on Client.java uses javax.net.ssl library to make SSL connections
4. Unit testing of SSL implementation.



> Securing Hadoop RPC using SSL
> -----------------------------
>
>                 Key: HADOOP-13836
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13836
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc
>            Reporter: kartheek muthyala
>         Attachments: HADOOP-13836.patch
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication & Security
Layer (SASL), with the Kerberos ticket based authentication or Digest-md5 checksum based authentication
protocols. This proposal is about enhancing this cipher suite with SSL/TLS based encryption
and authentication. SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard,
that provides data security and integrity across two different end points in a network. This
protocol has made its way to a number of applications such as web browsing, email, internet
faxing, messaging, VOIP etc. And supporting this cipher suite at the core of Hadoop would
give a good synergy with the applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes of communication
> 1.	Plain 
> 2.     SASL encryption with an underlying authentication
> 3.     SSL based encryption and authentication (x509 certificate)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message