hadoop-hdfs-issues mailing list archives

From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-7073) Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
Date Tue, 16 Sep 2014 19:12:34 GMT
Chris Nauroth created HDFS-7073:
-----------------------------------

             Summary: Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
                 Key: HDFS-7073
                 URL: https://issues.apache.org/jira/browse/HDFS-7073
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: datanode, hdfs-client, security
            Reporter: Chris Nauroth
            Assignee: Chris Nauroth


HDFS-2856 implemented general SASL support on DataTransferProtocol.  Part of that work also
included a fallback mode in case the remote cluster is running under a different configuration
without SASL.  I've discovered a few edge case configurations that this did not support:

* Cluster is unsecured, but has block access tokens enabled.  This is not something I've seen
done in practice, but I've heard historically it has been allowed.  The HDFS-2856 code relied
on seeing an empty block access token to trigger fallback, and this doesn't work if the unsecured
cluster actually is using block access tokens.
* The DataNode has an unpublicized testing configuration property that could be used to skip
the privileged port check.  However, the HDFS-2856 code is still enforcing the requirement of
SASL when the ports are not privileged, so this would force existing configurations to make
changes to activate SASL.

This patch will restore the old behavior so that these edge case configurations will continue
to work the same way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
