Hadoop Common
  1. Hadoop Common
  2. HADOOP-10057

Add ability in Hadoop servers (Namenode, JobTracker, Datanode ) to support multiple QOP (Authentication , Privacy) simultaneously

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Add ability in Hadoop servers (Namenode, JobTracker Datanode ) to support multiple QOP (Authentication , Privacy) simlutaneously

      Hadoop Servers currently support only one QOP(quality of protection)for the whole cluster.
      We want Hadoop servers to support multiple QOP at the same time.
      The logic used to determine the QOP should be pluggable.
      This will enable hadoop servers to communicate with different types of clients with different QOP.

      A sample usecase:
      Let each Hadoop server support two QOP .
      1. Authentication
      2. Privacy (Privacy includes Authentication) .
      The Hadoop servers and internal clients require to do Authentication only without incurring cost of encryption. External clients use Privacy.

      An ip-whitelist logic to determine the QOP is provided and used as the default QOP resolution logic.

      1. HADOOP-10057.pdf
        75 kB
        Benoy Antony
      2. hadoop-10057-branch-1.2.patch
        53 kB
        Benoy Antony

        Issue Links

          Activity

          Hide
          Benoy Antony added a comment -

          HADOOP-9709 is alternate approach for the same logic. But it required running servers on multiple ports. With this single server listening one one port supports multiple QOP

          Show
          Benoy Antony added a comment - HADOOP-9709 is alternate approach for the same logic. But it required running servers on multiple ports. With this single server listening one one port supports multiple QOP
          Hide
          Benoy Antony added a comment -

          This is patch on top of DataTransferProtocol Encryption added by HDFS-5290

          Show
          Benoy Antony added a comment - This is patch on top of DataTransferProtocol Encryption added by HDFS-5290
          Hide
          Benoy Antony added a comment -

          The patch includes unit tests. Will also attach a design document in the coming days.
          Also provide a patch for the trunk within the new few weeks.

          Show
          Benoy Antony added a comment - The patch includes unit tests. Will also attach a design document in the coming days. Also provide a patch for the trunk within the new few weeks.
          Hide
          Benoy Antony added a comment -

          Attaching the design document.

          Show
          Benoy Antony added a comment - Attaching the design document.

            People

            • Assignee:
              Benoy Antony
              Reporter:
              Benoy Antony
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:

                Development