hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-13061) SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel
Date Wed, 31 Jan 2018 18:58:00 GMT

     [ https://issues.apache.org/jira/browse/HDFS-13061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Xiaoyu Yao updated HDFS-13061:
       Resolution: Fixed
     Hadoop Flags: Reviewed
    Fix Version/s: 3.1.0
           Status: Resolved  (was: Patch Available)

Thanks [~ajayydv] for the contribution. I've committed the patch to trunk and branch-3.0.

> SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel
> -------------------------------------------------------------------------------------
>                 Key: HDFS-13061
>                 URL: https://issues.apache.org/jira/browse/HDFS-13061
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>             Fix For: 3.1.0
>         Attachments: HDFS-13061.000.patch, HDFS-13061.001.patch, HDFS-13061.002.patch,
> HDFS-5910 introduces encryption negotiation between client and server based on a customizable
TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server
side. If the resolver indicates that the channel is trusted, then the data transfer will not
be encrypted even if dfs.encrypt.data.transfer is set to true. 
> SaslDataTransferClient#checkTrustAndSend ask the channel resolve whether the client and
server address are trusted, respectively. It decides the channel is untrusted only if both
client and server are not trusted to enforce encryption. *This ticket is opened to change
it to not trust (and encrypt) if either client or server address are not trusted.*

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message