hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-13081) Datanode#checkSecureConfig should check HTTPS and SASL encryption
Date Wed, 07 Feb 2018 19:30:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-13081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355938#comment-16355938
] 

Jitendra Nath Pandey commented on HDFS-13081:
---------------------------------------------

{quote}Delegation tokens send passwords in the clear over http.  Webhdfs is at high risk.
{quote}
That is a valid point. That explains why check for HTTPS was added in the first place. It
should be documented in javadocs.

IIUC the required checks are following:

1) For RPC: It should be either a privileged port or must use SASL for mutual authentication.

2) For HTTP: It should be either a privileged port or must use HTTPS 

However a combination like privileged port for HTTP and SASL for RPC should also work. 

The advantage of SASL is that it allows qop negotiation and different clients can choose encryption
depending on where they are connecting from and sensitivity of data.

[~daryn], what are your thoughts on having privileged port for HTTP with SASL for RPC?

> Datanode#checkSecureConfig should check HTTPS and SASL encryption
> -----------------------------------------------------------------
>
>                 Key: HDFS-13081
>                 URL: https://issues.apache.org/jira/browse/HDFS-13081
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, security
>    Affects Versions: 3.0.0
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDFS-13081.000.patch
>
>
> Datanode#checkSecureConfig currently check the following to determine if secure datanode is
enabled. 
>  # The server has bound to privileged ports for RPC and HTTP via SecureDataNodeStarter.
>  # The configuration enables SASL on DataTransferProtocol and HTTPS (no plain HTTP) for
the HTTP server. The SASL handshake guarantees authentication of the RPC server before a client
transmits a secret, such as a block access token. Similarly, SSL guarantees authentication
of the
>  HTTP server before a client transmits a secret, such as a delegation token.
> For the 2nd case, HTTPS_ONLY means all the traffic between REST client/server will be
encrypted. However, the logic to check only if SASL property resolver is configured does not
mean server requires an encrypted RPC. 
> This ticket is open to further check and ensure datanode SASL property resolver has
a QoP that includes auth-conf(PRIVACY). Note that the SASL QoP (Quality of Protection) negotiation
may drop RPC protection level from auth-conf(PRIVACY) to auth-int(integrity) or auth(authentication)
only, which should be fine by design.
>  
> cc: [~cnauroth] , [~daryn], [~jnpandey] for additional feedback.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message