[ https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458009#comment-13458009
]
Eugene Koontz commented on GIRAPH-211:
--------------------------------------
My apologies for the delay. I am in the final stages : getting it to compile on all supported
Hadoop versions and fixing checkstyle errors. I have the SASL code implemented as a ChannelHandler
as we discussed. Here's what the pipeline looks like on the client side, showing both authenticated
and non-authenticated cases:
{code:title=NettyClient.java}
// Set up the pipeline factory.
bootstrap.setPipelineFactory(new ChannelPipelineFactory() {
@Override
public ChannelPipeline getPipeline() throws Exception {
if (conf.getBoolean(GiraphJob.AUTHENTICATE,
GiraphJob.DEFAULT_AUTHENTICATE)) {
LOG.info("Using Netty with authentication.");
// Our pipeline starts with just byteCounter, and then we use
// addAfter() to incrementally add pipeline elements, so that we can
// name them for identification for removal or replacement after
// client is authenticated by server.
ChannelPipeline pipeline = Channels.pipeline(
byteCounter);
// After authentication finishes, the following is replaced with
// FixedLengthFrameDecoder (as in non-auth pipeline below):
pipeline.addLast("length-field-based-frame-decoder",
new LengthFieldBasedFrameDecoder(1024, 0, 4, 0, 4));
pipeline.addLast("request-encoder", new RequestEncoder());
// After authentication finishes, the following is removed:
pipeline.addLast("sasl-client-handler",
new SaslClientHandler(conf));
pipeline.addLast("response-handler",
new ResponseClientHandler(clientRequestIdRequestInfoMap, conf));
return pipeline;
} else {
LOG.info("Using Netty without authentication.");
return Channels.pipeline(
byteCounter,
new FixedLengthFrameDecoder(RequestServerHandler.RESPONSE_BYTES),
new RequestEncoder(),
new ResponseClientHandler(clientRequestIdRequestInfoMap, conf));
}
}
});
{code}
> Add secure authentication to Netty IPC
> --------------------------------------
>
> Key: GIRAPH-211
> URL: https://issues.apache.org/jira/browse/GIRAPH-211
> Project: Giraph
> Issue Type: Improvement
> Reporter: Eugene Koontz
> Assignee: Eugene Koontz
> Fix For: 0.2.0
>
> Attachments: GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch,
GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211-proposal.txt
>
>
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within GIRAPH. Hopefully
it would use our fast GIRAPH-37 IPC, but could also interoperate with Hadoop security.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|