[HADOOP-10221] Add a plugin to specify SaslProperties for RPC protocol based on connection properties - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.4.0
Component/s: security
Labels:
None

Target Version/s:

2.4.0
Hadoop Flags:

Reviewed
Release Note:

Hide
SaslPropertiesResolver or its subclass is used to resolve the QOP used for a connection. The subclass can be specified via "hadoop.security.saslproperties.resolver.class" configuration property. If not specified, the full set of values specified in hadoop.rpc.protection is used while determining the QOP used for the connection. If a class is specified, then the QOP values returned by the class will be used while determining the QOP used for the connection.

Note that this change, effectively removes SaslRpcServer.SASL_PROPS which was a public field. Any use of this variable should be replaced with the following code:
SaslPropertiesResolver saslPropsResolver = SaslPropertiesResolver.getInstance(conf);
Map<String, String> sasl_props = saslPropsResolver.getDefaultProperties();

Show
SaslPropertiesResolver or its subclass is used to resolve the QOP used for a connection. The subclass can be specified via "hadoop.security.saslproperties.resolver.class" configuration property. If not specified, the full set of values specified in hadoop.rpc.protection is used while determining the QOP used for the connection. If a class is specified, then the QOP values returned by the class will be used while determining the QOP used for the connection. Note that this change, effectively removes SaslRpcServer.SASL_PROPS which was a public field. Any use of this variable should be replaced with the following code: SaslPropertiesResolver saslPropsResolver = SaslPropertiesResolver.getInstance(conf); Map<String, String> sasl_props = saslPropsResolver.getDefaultProperties();

Description

Add a plugin to specify SaslProperties for RPC protocol based on connection properties.

~~HADOOP-10211~~ enables client and server to specify and support multiple QOP. Some connections needs to be restricted to a specific set of QOP based on connection properties.
Eg. connections from client from a specific subnet needs to be encrypted (QOP=privacy)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10221.patch
19/Mar/14 18:51
18 kB
Benoy Antony
HADOOP-10221.patch
18/Mar/14 17:13
18 kB
Benoy Antony
HADOOP-10221.patch
10/Mar/14 19:44
19 kB
Benoy Antony
HADOOP-10221.patch
07/Mar/14 20:49
19 kB
Benoy Antony
HADOOP-10221.patch
07/Mar/14 20:40
19 kB
Benoy Antony
HADOOP-10221.no-static.example
06/Mar/14 22:50
11 kB
Daryn Sharp
HADOOP-10221.patch
06/Mar/14 21:09
17 kB
Benoy Antony
HADOOP-10221.patch
06/Mar/14 19:29
18 kB
Benoy Antony
HADOOP-10221.patch
06/Mar/14 00:09
18 kB
Benoy Antony
HADOOP-10221.patch
18/Feb/14 23:11
16 kB
Benoy Antony
HADOOP-10221.patch
10/Feb/14 20:36
16 kB
Benoy Antony
HADOOP-10221.patch
10/Jan/14 21:35
15 kB
Benoy Antony

Issue Links

depends upon

HADOOP-10211 Enable RPC protocol to negotiate SASL-QOP values between clients and servers

Closed

is depended upon by

HADOOP-10335 An ip whitelist based implementation to resolve Sasl properties per connection

Closed

is related to

HADOOP-10547 Give SaslPropertiesResolver.getDefaultProperties() public scope

Closed

relates to

HDFS-5910 Enhance DataTransferProtocol to allow per-connection choice of encryption/plain-text

Closed

HADOOP-10451 Remove unused field and imports from SaslRpcServer

Closed

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 10/Jan/14 21:31

Updated:: 04/Sep/14 01:16

Resolved:: 19/Mar/14 20:20