[HDFS-13081] Datanode#checkSecureConfig should allow SASL and privileged HTTP - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.1.0, 3.0.3
Component/s: datanode, security
Labels:
None

Hadoop Flags:

Reviewed

Description

Datanode#checkSecureConfig currently check the following to determine if secure datanode is enabled.

The server has bound to privileged ports for RPC and HTTP via SecureDataNodeStarter.
The configuration enables SASL on DataTransferProtocol and HTTPS (no plain HTTP) for the HTTP server.

Authentication of Datanode RPC server can be done either via SASL handshake or JSVC/privilege RPC port.
This guarantees authentication of the datanode RPC server before a client transmits a secret, such as a block access token.

Authentication of the HTTP server can also be done either via HTTPS/SSL or JSVC/privilege HTTP port. This guarantees authentication of datandoe HTTP server before a client transmits a secret, such as a delegation token.

This ticket is open to allow privileged HTTP as an alternative to HTTPS to work with SASL based RPC protection.

cc: cnauroth , daryn, jnpandey for additional feedback.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-13081.000.patch
01/Feb/18 20:40
4 kB
Ajay Kumar
HDFS-13081.001.patch
14/Feb/18 22:11
12 kB
Ajay Kumar
HDFS-13081.002.patch
15/Feb/18 23:27
12 kB
Ajay Kumar
HDFS-13081.003.patch
27/Feb/18 18:43
12 kB
Ajay Kumar
HDFS-13081.004.patch
27/Feb/18 20:41
12 kB
Ajay Kumar
HDFS-13081.005.patch
27/Feb/18 21:35
12 kB
Ajay Kumar
HDFS-13081.006.patch
28/Feb/18 00:15
12 kB
Ajay Kumar

Issue Links

blocks

AMBARI-22981 Update Hadoop RPC Encryption Properties During Upgrade

Resolved

Activity

People

Assignee:: Ajay Kumar

Reporter:: Xiaoyu Yao

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 29/Jan/18 20:15

Updated:: 15/Oct/19 20:57

Resolved:: 28/Feb/18 18:28