hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-2856) Fix block protocol so that Datanodes don't require root or jsvc
Date Fri, 20 Jun 2014 23:12:24 GMT

     [ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chris Nauroth updated HDFS-2856:

    Attachment: HDFS-2856.3.patch

I'm attaching patch v3 and notifying [~jnp], since I know he had started reviewing the patch.

The new revision fixes a bug I found in that a client configured with SASL on DataTransferProtocol
would not have been able to communicate with an unsecured cluster.  This is a supported use
case for things like distcp from a secured source to an unsecured destination.  The code change
to fix this is in {{SaslDataTransferClient#send}}.  It only allows fallback to an unsecure
connection if configuration property {{ipc.client.fallback-to-simple-auth-allowed}} has been
set.  This is consistent with other RPC client code.

I also improved the tests in {{TestSaslDataTransfer}}.

> Fix block protocol so that Datanodes don't require root or jsvc
> ---------------------------------------------------------------
>                 Key: HDFS-2856
>                 URL: https://issues.apache.org/jira/browse/HDFS-2856
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: datanode, security
>    Affects Versions: 3.0.0, 2.4.0
>            Reporter: Owen O'Malley
>            Assignee: Chris Nauroth
>         Attachments: Datanode-Security-Design.pdf, Datanode-Security-Design.pdf, Datanode-Security-Design.pdf,
HDFS-2856.1.patch, HDFS-2856.2.patch, HDFS-2856.3.patch, HDFS-2856.prototype.patch
> Since we send the block tokens unencrypted to the datanode, we currently start the datanode
as root using jsvc and get a secure (< 1024) port.
> If we have the datanode generate a nonce and send it on the connection and the sends
an hmac of the nonce back instead of the block token it won't reveal any secrets. Thus, we
wouldn't require a secure port and would not require root or jsvc.

This message was sent by Atlassian JIRA

View raw message