  1. Hadoop HDFS
  2. HDFS-13081

Datanode#checkSecureConfig should allow SASL and privileged HTTP

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0, 3.0.3
    • Component/s: datanode, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Datanode#checkSecureConfig currently checks the following to determine if secure datanode is enabled.

      1. The server has bound to privileged ports for RPC and HTTP via SecureDataNodeStarter.
      2. The configuration enables SASL on DataTransferProtocol and HTTPS (no plain HTTP) for the HTTP server.

      Authentication of the Datanode RPC server can be done either via SASL handshake or JSVC/privileged RPC port.
      This guarantees authentication of the datanode RPC server before a client transmits a secret, such as a block access token.

      Authentication of the HTTP server can also be done either via HTTPS/SSL or JSVC/privileged HTTP port. This guarantees authentication of the datanode HTTP server before a client transmits a secret, such as a delegation token.

      This ticket is open to allow privileged HTTP as an alternative to HTTPS to work with SASL based RPC protection.
       
      cc: Chris Nauroth, Daryn Sharp, Jitendra Nath Pandey for additional feedback.
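
      The gap described above, as an added model in Java; it is not Hadoop source and not taken from any attached patch. It assumes the two listed conditions are alternatives, treats ports below 1024 as privileged, and applies the description's per-server reasoning to both servers; the class, method names and sample ports are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/** Model of the start-up check discussed in this ticket; not Hadoop source. */
public class SecureConfigModel {
    // Ports below 1024 need root to bind, which is why a privileged port
    // vouches for the process that opened it.
    static boolean privileged(int port) {
        return port > 0 && port < 1024;
    }

    // The check as the description lists it (assumed to be alternatives):
    // both ports privileged, or SASL together with HTTPS and no plain HTTP.
    static boolean currentCheck(int rpcPort, int httpPort, boolean sasl, boolean httpsOnly) {
        return (privileged(rpcPort) && privileged(httpPort)) || (sasl && httpsOnly);
    }

    // Per-server rule: each server needs at least one of its two options.
    static boolean perServerCheck(int rpcPort, int httpPort, boolean sasl, boolean httpsOnly) {
        boolean rpcAuthenticated = sasl || privileged(rpcPort);
        boolean httpAuthenticated = httpsOnly || privileged(httpPort);
        return rpcAuthenticated && httpAuthenticated;
    }

    // Every combination that the per-server rule accepts and the current check rejects.
    static List<String> newlyAccepted() {
        int[] rpcPorts = {1004, 9866};   // constructed samples: privileged, unprivileged
        int[] httpPorts = {1006, 9864};  // constructed samples: privileged, unprivileged
        boolean[] flags = {true, false};
        List<String> out = new ArrayList<>();
        for (int rpc : rpcPorts)
            for (int http : httpPorts)
                for (boolean sasl : flags)
                    for (boolean https : flags)
                        if (perServerCheck(rpc, http, sasl, https)
                                && !currentCheck(rpc, http, sasl, https))
                            out.add(String.format("rpc=%d http=%d sasl=%b httpsOnly=%b",
                                    rpc, http, sasl, https));
        return out;
    }

    public static void main(String[] args) {
        newlyAccepted().forEach(System.out::println);
    }
}
```

      Of the 16 combinations, the model reports two that only the per-server rule accepts: SASL with a privileged HTTP port, which is the case this ticket asks for, and a privileged RPC port with HTTPS only. Every combination with an unauthenticated server is rejected by both rules.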

       

        Attachments

        1. HDFS-13081.006.patch
          12 kB
          Ajay Kumar
        2. HDFS-13081.005.patch
          12 kB
          Ajay Kumar
        3. HDFS-13081.004.patch
          12 kB
          Ajay Kumar
        4. HDFS-13081.003.patch
          12 kB
          Ajay Kumar
        5. HDFS-13081.002.patch
          12 kB
          Ajay Kumar
        6. HDFS-13081.001.patch
          12 kB
          Ajay Kumar
        7. HDFS-13081.000.patch
          4 kB
          Ajay Kumar

              People

              • Assignee:
                ajayydv Ajay Kumar
                Reporter:
                xyao Xiaoyu Yao