Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10211

Enable RPC protocol to negotiate SASL-QOP values between clients and servers

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.2.0
    • 2.4.0
    • security
    • None
    • Reviewed
    • Hide
      The hadoop.rpc.protection configuration property previously supported specifying a single value: one of authentication, integrity or privacy. An unrecognized value was silently assumed to mean authentication. This configuration property now accepts a comma-separated list of any of the 3 values, and unrecognized values are rejected with an error. Existing configurations containing an invalid value must be corrected. If the property is empty or not specified, authentication is assumed.
      Show
      The hadoop.rpc.protection configuration property previously supported specifying a single value: one of authentication, integrity or privacy. An unrecognized value was silently assumed to mean authentication. This configuration property now accepts a comma-separated list of any of the 3 values, and unrecognized values are rejected with an error. Existing configurations containing an invalid value must be corrected. If the property is empty or not specified, authentication is assumed.

    Description

      SASL allows different types of protection are referred to as the quality of protection (qop). It is negotiated between the client and server during the authentication phase of the SASL exchange. Currently hadoop allows specifying a single QOP value via hadoop.rpc.protection.
      The enhancement enables a user to specify multiple QOP values - authentication, integrity, privacy as a comma separated list via hadoop.rpc.protection
      The client and server can have different set of values for hadoop.rpc.protection and they will negotiate to determine the QOP to be used for communication.

      Attachments

        1. HADOOP-10221.sample
          2 kB
          Daryn Sharp
        2. HADOOP-10211.patch
          6 kB
          Benoy Antony
        3. HADOOP-10211.patch
          6 kB
          Benoy Antony
        4. HADOOP-10211.patch
          6 kB
          Benoy Antony
        5. HADOOP-10211.patch
          6 kB
          Benoy Antony
        6. HADOOP-10211.patch
          6 kB
          Benoy Antony

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10391 HADOOP-10211 change for comma-separated list of QOP values broke backwards-compatibility with existing configs.

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. SPARK-5111 HiveContext and Thriftserver cannot work in secure cluster beyond hadoop2.5

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HIVE-6987 Metastore qop settings won't work with Hadoop-2.4

          • Major - Major loss of function.
          • Closed
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-10221 Add a plugin to specify SaslProperties for RPC protocol based on connection properties

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-10057 Add ability in Hadoop servers (Namenode, JobTracker, Datanode ) to support multiple QOP (Authentication , Privacy) simultaneously

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              benoyantony Benoy Antony
              benoyantony Benoy Antony
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: