hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8999) SASL negotiation is flawed
Date Thu, 01 Nov 2012 13:35:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13488691#comment-13488691 ]

Daryn Sharp commented on HADOOP-8999:

No, this problem is not related to the other changes.

If the SASL client (the PLAIN client does this) immediately claims it's done, the client code
doesn't bother to read the server's RPC response.  For one, this precludes the client interpreting
a failure response.  It also prevents a client from interpreting a "switch to simple" response
from the server.

So you fix the client and then find the server doesn't send success if the SASL server returns
null when it's done instead of a final byte sequence.  The client blocks till it times out.

When either the client or server gets out of sync, a confusing incomplete protobuf exception
is thrown.  I'll post a simple (no pun intended!) patch after I finish testing on a secure
> SASL negotiation is flawed
> --------------------------
>                 Key: HADOOP-8999
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8999
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: ipc
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
> The RPC protocol used for SASL negotiation is flawed.  The server's RPC response contains
> the next SASL challenge token, but a SASL server can return null (I'm done) or an N-many byte
> challenge.  The server currently will not send an RPC success response to the client if the
> SASL server returns null, which causes the client to hang until it times out.

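A simplified model of the two defects described in this message, added here as an illustration; it is not Hadoop's RPC code and is not from the issue's author. The names `PlainServer`, `serve`, `connect`, the status strings and the sample credentials are assumptions, and the client hang is modelled as a `TimeoutError` raised on an empty reply queue.

```python
from collections import deque

SUCCESS, CHALLENGE, ERROR = "SUCCESS", "CHALLENGE", "ERROR"
CREDS = {b"alice": b"s3cret"}  # constructed sample credentials

class PlainServer:
    """Toy PLAIN-like mechanism: one client message, then done with no final token."""
    def __init__(self, creds):
        self.creds, self.complete = creds, False

    def evaluate(self, response):
        _authzid, user, password = response.split(b"\0")
        if self.creds.get(user) != password:
            raise PermissionError("bad credentials")
        self.complete = True
        return None  # "I'm done": no further challenge bytes

def serve(mech, request, wire, always_reply):
    """Handle one SASL RPC and append any reply frame to `wire`."""
    try:
        token = mech.evaluate(request)
    except PermissionError as exc:
        wire.append((ERROR, str(exc).encode()))
        return
    # Flawed server (always_reply=False): a null token means nothing is written.
    if token is not None or always_reply:
        wire.append((SUCCESS if mech.complete else CHALLENGE, token or b""))

def connect(user, password, creds=CREDS, *, client_reads_reply, server_always_replies):
    """Run one negotiation and return the client's view of the outcome."""
    wire = deque()
    initial = b"\0" + user + b"\0" + password  # PLAIN client is complete after this
    serve(PlainServer(creds), initial, wire, server_always_replies)
    if not client_reads_reply:
        # Flawed client: it is "done", so it never reads the server's frame
        # and cannot see a failure or a "switch to simple" status.
        return "assumed-ok"
    if not wire:
        raise TimeoutError("no RPC response from server")  # stands in for the hang
    status, payload = wire.popleft()
    if status != SUCCESS:
        raise ConnectionError(f"{status}: {payload.decode()}")
    return "authenticated"
```

With both flags set to `True` the exchange ends in an explicit status frame in every case, so neither side has to infer completion from the SASL mechanism's local state.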