  1. Hadoop HDFS
  2. HDFS-13081

Datanode#checkSecureConfig should allow SASL and privileged HTTP


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0, 3.0.3
    • Component/s: datanode, security
    • Labels: None
    • Hadoop Flags: Reviewed

    Description

      Datanode#checkSecureConfig currently checks the following to determine if secure datanode is enabled.

      1. The server has bound to privileged ports for RPC and HTTP via SecureDataNodeStarter.
      2. The configuration enables SASL on DataTransferProtocol and HTTPS (no plain HTTP) for the HTTP server.

      Authentication of the Datanode RPC server can be done either via SASL handshake or JSVC/privileged RPC port. This guarantees authentication of the datanode RPC server before a client transmits a secret, such as a block access token.

      Authentication of the HTTP server can also be done either via HTTPS/SSL or JSVC/privileged HTTP port. This guarantees authentication of the datanode HTTP server before a client transmits a secret, such as a delegation token.

      This ticket is open to allow privileged HTTP as an alternative to HTTPS to work with SASL based RPC protection.
       
      cc: Chris Nauroth, Daryn Sharp, Jitendra Nath Pandey for additional feedback.
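
      The acceptance rule described above, next to the relaxation this ticket asks for, as an added example (a standalone model, not Hadoop's own code). The class, record and method names are hypothetical, and the four booleans are assumptions standing in for the port and configuration checks the description names.

```java
import java.util.List;

/** Standalone model of the checks described in this ticket; not Hadoop source code. */
public class SecureDataNodeCheckModel {

    /** Hypothetical holder for the four facts the description relies on. */
    record DnSetup(String label, boolean rpcPortPrivileged, boolean httpPortPrivileged,
                   boolean saslOnDataTransfer, boolean httpsOnly) {}

    /** Rule as described at filing time: both ports privileged, or SASL with HTTPS only. */
    static boolean acceptedBefore(DnSetup s) {
        return (s.rpcPortPrivileged() && s.httpPortPrivileged())
            || (s.saslOnDataTransfer() && s.httpsOnly());
    }

    /** Rule requested here: with SASL on RPC, a privileged HTTP port may stand in for HTTPS. */
    static boolean acceptedRequested(DnSetup s) {
        boolean httpAuthenticated = s.httpsOnly() || s.httpPortPrivileged();
        return (s.rpcPortPrivileged() && s.httpPortPrivileged())
            || (s.saslOnDataTransfer() && httpAuthenticated);
    }

    public static void main(String[] args) {
        // Constructed sample setups, not taken from a real cluster.
        List<DnSetup> samples = List.of(
            new DnSetup("privileged RPC + privileged HTTP", true, true, false, false),
            new DnSetup("SASL + HTTPS only", false, false, true, true),
            new DnSetup("SASL + privileged HTTP (this ticket)", false, true, true, false),
            new DnSetup("SASL + plain HTTP, unprivileged port", false, false, true, false),
            new DnSetup("HTTPS only, no SASL, unprivileged RPC", false, false, false, true));
        for (DnSetup s : samples) {
            System.out.printf("%-40s before=%-5b requested=%b%n",
                s.label(), acceptedBefore(s), acceptedRequested(s));
        }
    }
}
```

      Only the third setup changes from rejected to accepted. The last two stay rejected under both rules because one of the two servers would receive a token without having been authenticated first.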

       

      Attachments

        1. HDFS-13081.000.patch (4 kB, Ajay Kumar)
        2. HDFS-13081.001.patch (12 kB, Ajay Kumar)
        3. HDFS-13081.002.patch (12 kB, Ajay Kumar)
        4. HDFS-13081.003.patch (12 kB, Ajay Kumar)
        5. HDFS-13081.004.patch (12 kB, Ajay Kumar)
        6. HDFS-13081.005.patch (12 kB, Ajay Kumar)
        7. HDFS-13081.006.patch (12 kB, Ajay Kumar)

          People

            Assignee: Ajay Kumar (ajayydv)
            Reporter: Xiaoyu Yao (xyao)
            Votes: 0
            Watchers: 9
