[
https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802454#action_12802454
]
Doug Cutting commented on HADOOP-6419:
--------------------------------------
Looking at the most recent patch, it appears to me that:
- AuthMethod and SaslDigestCallbackHandler could be independent of
Server.java. The constructor for the latter would need to accept a
secretManager. Can we please move these to a SaslRpcServer utility class?
- similarly, SaslClientCallbackHandler, initSASLContext could be independent
of Client.java, where the latter could return the saslClient instance. These
might move to a SaslRpcClient utility class.
We could refactor these out of Client.java and Server.java later, but in the
meantime folks might inadvertently take advantage of the fact that they're in
the same file and make refactoring later more difficult. So I'd rather they
were in separate classes now. The abstractions may not be perfect for other
client and server implementations, but we can address that later, when we add
such implementations. I'd just like to keep the authentication logic as
independent from the RPC logic as possible.
> Change RPC layer to support SASL/token based mutual authentication
> ------------------------------------------------------------------
>
> Key: HADOOP-6419
> URL: https://issues.apache.org/jira/browse/HADOOP-6419
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: c6419-26.patch, c6419-39.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and
> RFC-2831). Since J2SE 5, Sun provides a SASL implementation by default. Both
> our delegation token and job token can be used as credentials for SASL
> DIGEST-MD5 authentication.
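
The separation discussed in the comment above, as an added sketch that is not code from the HADOOP-6419 patch or from Hadoop: a DIGEST-MD5 server callback handler that depends only on a secret lookup, and a client handler that depends only on the credential, driven through the JDK's `javax.security.sasl` API with no RPC code involved. The class name, the `Function` standing in for a secretManager, the `rpc`/`localhost` protocol and server names, and the token id and password are all assumptions constructed for illustration.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;
import java.util.Map;
import java.util.function.Function;

public class SaslDigestSketch {
    // Server side: needs only a secret lookup (hypothetical stand-in for a secretManager).
    static CallbackHandler serverHandler(Function<String, char[]> secrets) {
        return callbacks -> {
            NameCallback nc = null;
            PasswordCallback pc = null;
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) nc = (NameCallback) cb;
                else if (cb instanceof PasswordCallback) pc = (PasswordCallback) cb;
                else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    // Accept only authzid == authcid, i.e. no impersonation.
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                }
            }
            // An unknown id yields a null password, which makes the mechanism fail.
            if (nc != null && pc != null) pc.setPassword(secrets.apply(nc.getDefaultName()));
        };
    }

    // Client side: needs only the identifier and password of the token it presents.
    static CallbackHandler clientHandler(String id, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(id);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else if (cb instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) cb;
                    rc.setText(rc.getDefaultText()); // accept the realm the server offered
                }
            }
        };
    }

    // Runs the whole exchange in-process; true only if both sides complete.
    static boolean authenticate(String id, char[] clientPw, Function<String, char[]> secrets) {
        Map<String, String> props = Map.of(Sasl.QOP, "auth");
        try {
            SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "rpc", "localhost", props, serverHandler(secrets));
            SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, "rpc", "localhost", props, clientHandler(id, clientPw));
            byte[] challenge = server.evaluateResponse(new byte[0]);     // server nonce
            byte[] response = client.evaluateChallenge(challenge);       // client digest
            client.evaluateChallenge(server.evaluateResponse(response)); // client checks server's rspauth
            return client.isComplete() && server.isComplete();
        } catch (SaslException e) {
            return false; // wrong secret, unknown id, or authorization refused
        }
    }
}
```

Calling `authenticate` with the password the lookup returns for that id completes on both sides; a different password or an id the lookup does not know makes the server reject the client's digest. The last client step is what makes the exchange mutual, since the client verifies a value the server can only compute from the same secret.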