hadoop-hdfs-issues mailing list archives

From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7073) Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
Date Fri, 19 Sep 2014 13:12:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14140447#comment-14140447 ]

Yi Liu commented on HDFS-7073:

Chris, thanks for the quick update on this bulk of work.

The new approach is good. I agree that if the NameNode interaction falls back to simple auth,
then we skip SASL for DataTransferProtocol too; that makes sense. This can also protect against
the case where, in a secured cluster with fallback allowed, a malicious task listens on the
DN's port and steals the block access token. Also, this way we don't need a fallback exception
to trigger a retry as in the patch.

The new patch looks good to me, only a few comments:

*1.* I think we may not need to pass {{fallbackToSimpleAuth}} for each call. Since we do authentication
for each connection, {{fallbackToSimpleAuth}} could be a variable of the connection; then in
_ProtobufRpcEngine_ and the other RPC engines, we can get _fallbackToSimpleAuth_ through the connection.
Then the logic looks more straightforward and clear?

*2.* I see there are two {{TODO}}s for the HA case in NameNodeProxies.java.

> Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
> ------------------------------------------------------------------------------------------
>                 Key: HDFS-7073
>                 URL: https://issues.apache.org/jira/browse/HDFS-7073
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, hdfs-client, security
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-7073.1.patch, HDFS-7073.2.patch
>
> HDFS-2856 implemented general SASL support on DataTransferProtocol.  Part of that work
> also included a fallback mode in case the remote cluster is running under a different configuration
> without SASL.  I've discovered a few edge case configurations that this did not support:
> * Cluster is unsecured, but has block access tokens enabled.  This is not something I've
> seen done in practice, but I've heard historically it has been allowed.  The HDFS-2856 code
> relied on seeing an empty block access token to trigger fallback, and this doesn't work if
> the unsecured cluster actually is using block access tokens.
> * The DataNode has an unpublicized testing configuration property that could be used
> to skip the privileged port check.  However, the HDFS-2856 code is still enforcing requirement
> of SASL when the ports are not privileged, so this would force existing configurations to
> make changes to activate SASL.
> This patch will restore the old behavior so that these edge case configurations will
> continue to work the same way.
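
The approach discussed in this message, modeled in Java as an added illustration; it is not code from the HDFS-7073 patch or from Hadoop. Apart from the name fallbackToSimpleAuth, every class, method and parameter here is hypothetical, and the three cases in main() are constructed.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Hypothetical model for illustration; not Hadoop code.
public class FallbackModel {
    enum Transport { SASL, PLAIN }

    // Stand-in for one authenticated RPC connection to the NameNode.
    static final class NameNodeConnection {
        // Connection-scoped flag, set once when this connection authenticates.
        final AtomicBoolean fallbackToSimpleAuth = new AtomicBoolean(false);

        void authenticate(boolean serverIsSecure, boolean fallbackAllowed) {
            if (!serverIsSecure && !fallbackAllowed) {
                throw new IllegalStateException("insecure server, fallback not allowed");
            }
            fallbackToSimpleAuth.set(!serverIsSecure);
        }
    }

    // The DataTransferProtocol decision reads only the NameNode connection's
    // state. It does not look at whether the block access token is empty, and
    // it does not downgrade because the peer on the DataNode port refused SASL.
    static Transport chooseDataTransfer(NameNodeConnection nn, boolean peerOffersSasl) {
        if (nn.fallbackToSimpleAuth.get()) {
            return Transport.PLAIN; // NameNode RPC itself negotiated simple auth
        }
        if (!peerOffersSasl) {
            // Secured cluster: fail closed, so no token is sent without SASL.
            throw new SecurityException("peer refused SASL on a secured cluster");
        }
        return Transport.SASL;
    }

    public static void main(String[] args) {
        NameNodeConnection secured = new NameNodeConnection();
        secured.authenticate(true, true);
        System.out.println("secured, DN offers SASL: " + chooseDataTransfer(secured, true));
        try {
            chooseDataTransfer(secured, false); // constructed case: listener without SASL
        } catch (SecurityException e) {
            System.out.println("secured, peer refuses SASL: rejected (" + e.getMessage() + ")");
        }

        NameNodeConnection unsecured = new NameNodeConnection();
        unsecured.authenticate(false, true);
        System.out.println("unsecured cluster: " + chooseDataTransfer(unsecured, false));
    }
}
```

Because the flag belongs to the connection, callers do not pass it on each call, and no fallback exception is needed to trigger a retry.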
