Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10211

Enable RPC protocol to negotiate SASL-QOP values between clients and servers

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.4.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      The hadoop.rpc.protection configuration property previously supported specifying a single value: one of authentication, integrity or privacy. An unrecognized value was silently assumed to mean authentication. This configuration property now accepts a comma-separated list of any of the 3 values, and unrecognized values are rejected with an error. Existing configurations containing an invalid value must be corrected. If the property is empty or not specified, authentication is assumed.
      Show
      The hadoop.rpc.protection configuration property previously supported specifying a single value: one of authentication, integrity or privacy. An unrecognized value was silently assumed to mean authentication. This configuration property now accepts a comma-separated list of any of the 3 values, and unrecognized values are rejected with an error. Existing configurations containing an invalid value must be corrected. If the property is empty or not specified, authentication is assumed.

      Description

      SASL allows different types of protection are referred to as the quality of protection (qop). It is negotiated between the client and server during the authentication phase of the SASL exchange. Currently hadoop allows specifying a single QOP value via hadoop.rpc.protection.
      The enhancement enables a user to specify multiple QOP values - authentication, integrity, privacy as a comma separated list via hadoop.rpc.protection
      The client and server can have different set of values for hadoop.rpc.protection and they will negotiate to determine the QOP to be used for communication.

        Attachments

        1. HADOOP-10211.patch
          6 kB
          Benoy Antony
        2. HADOOP-10211.patch
          6 kB
          Benoy Antony
        3. HADOOP-10221.sample
          2 kB
          Daryn Sharp
        4. HADOOP-10211.patch
          6 kB
          Benoy Antony
        5. HADOOP-10211.patch
          6 kB
          Benoy Antony
        6. HADOOP-10211.patch
          6 kB
          Benoy Antony

          Issue Links

            Activity

              People

              • Assignee:
                benoyantony Benoy Antony
                Reporter:
                benoyantony Benoy Antony
              • Votes:
                0 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: