hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug Cutting <cutt...@apache.org>
Subject Re: HTTP transport?
Date Wed, 14 Oct 2009 16:37:34 GMT
Kan Zhang wrote:
> One problem I see with using HTTP is that it's expensive to provide data
> encryption. We're currently adding 2 authentication mechanisms (Kerberos and
> DIGEST-MD5) to our existing RPC. Both of them can provide data encryption
> for subsequent communication over the authenticated channel. However, when
> similar authentication mechanisms are specified for HTTP (SPNEGO and HTTP
> DIGEST, respectively), they don't provide data encryption (correct me if I'm
> wrong). For data encryption over HTTP, one has to use SSL, which is
> expensive.

Java supports using Kerberos-based encryption for TLS (nee SSL):

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#KRB

http://tools.ietf.org/html/rfc2712

There's also a standard way to use tickets over TLS:

http://tools.ietf.org/html/rfc4507

Doug


Mime
View raw message