[
https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800047#action_12800047
]
Kan Zhang commented on HADOOP-6419:
-----------------------------------
> I suspect that all of the SASL code could be pulled into a SocketFactory and
> ServerSocketFactory [ ... ]
It would be great if we could do so. I think it's possible on the client side.
However, on the server side, since we use non-blocking IO and the RPC listener
thread does all the connection setup and reading, it won't save much even if we
try to move SASL related code to a sperate file since the listener thread still
has to be aware of whether the incoming connection is a SASL connection and act
accordingly.
> Change RPC layer to support SASL/token based mutual authentication
> ------------------------------------------------------------------
>
> Key: HADOOP-6419
> URL: https://issues.apache.org/jira/browse/HADOOP-6419
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: c6419-26.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and
> RFC-2831). Since J2SE 5, Sun provides a SASL implementation by default. Both
> our delegation token and job token can be used as credentials for SASL
> DIGEST-MD5 authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
