hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10211) Enable RPC protocol to negotiate SASL-QOP values between clients and servers
Date Sat, 08 Mar 2014 00:06:50 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Benoy Antony updated HADOOP-10211:
----------------------------------

    Release Note: The hadoop.rpc.protection configuration property previously supported specifying
a single value: one of authentication, integrity or privacy.  An unrecognized value was silently
assumed to mean authentication.  This configuration property now accepts a comma-separated
list of any of the 3 values, and unrecognized values are rejected with an error. If the property
is empty or not specified, authentication is assumed. Existing configurations containing an
invalid value must be corrected.  (was: The hadoop.rpc.protection configuration property previously
supported specifying a single value: one of authentication, integrity or privacy.  An unrecognized
value was silently assumed to mean authentication.  This configuration property now accepts
a comma-separated list of any of the 3 values, and urecognized values are rejected with an
error.  Existing configurations containing an invalid value must be corrected.)

> Enable RPC protocol to negotiate SASL-QOP values between clients and servers
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-10211
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10211
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.2.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>             Fix For: 3.0.0, 2.4.0
>
>         Attachments: HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch,
HADOOP-10211.patch, HADOOP-10221.sample
>
>
> SASL allows different types of protection are referred to as the quality of protection
(qop). It is negotiated between the client and server during the authentication phase of the
SASL exchange. Currently hadoop allows specifying a single QOP value  via _hadoop.rpc.protection_.

> The enhancement enables a user to specify multiple QOP values -  _authentication_, _integrity_,
_privacy_ as a comma separated list via _hadoop.rpc.protection_
> The client and server can have different set of values for  _hadoop.rpc.protection_ and
they will negotiate to determine the QOP to be used for communication.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message