Benoy Antony created HADOOP-9709:
------------------------------------
Summary: Add ability in Hadoop servers (Namenode, Datanode,
ResourceManager ) to support multiple QOP (Authentication , Privacy)
Key: HADOOP-9709
URL: https://issues.apache.org/jira/browse/HADOOP-9709
Project: Hadoop Common
Issue Type: New Feature
Reporter: Benoy Antony
Assignee: Benoy Antony
Hadoop Servers currently support only one QOP for the whole cluster.
We want Hadoop servers to support different quality of protection at the same
time. This will enable different clients to use a different QOP.
A simple usecase will be to define two QOP .
1. Authentication
2. Privacy (Privacy includes Authentication) .
The Hadoop servers and internal clients does Authentication without incurring
cost of encryption. External clients use Privacy.
The hadoop servers and internal clients are inside the firewall. External
clients are outside the firewall.
As an enhancement , it is possible to add a pluggable check (eg. IP whitelist)
to identify internal and external clients.
The implementation is simple.
Each Hadoop server listens on two ports by configuration with different QOP.
The servers - NameNode, DataNode, ResourceManager listen on two ports (much
like 80(http) and 443(https)) for RPC and Streaming. ApplicationMaster uses a
range of ports for privacy and non-privacy and picks up a port and QOP based on
client's config.
The clients specify the port which they are suppose to connect to. Clients
specify the rpc protection as well encryption policy for streaming layer.
This is an umbrella jira .
I have divided this feature into multiple small tasks. I'll add testcases once
the approach is reviewed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
