[ 
https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12828662#action_12828662
 ] 

Owen O'Malley commented on HADOOP-6419:
---------------------------------------

Did you intend to leave all of the logging levels at all in your TestSaslRpc or 
was that for your own debugging?

I'd suggest that disposeSasl set the saslClient (or saslServer) to null after 
it has been disposed, unless you are sure that disposing of it a second time is 
ignored.

A quibble is that your regex for splitting principal names would be easier to 
read as "[/@]" instead of "(/|@)". It should, however, be pulled out into a 
utility function, since you do it in a couple of places in the code.

Does it matter that we don't allow server principals like "[email protected]" and 
insist on "a/[email protected]"? Does SASL insist on it? It is certainly the standard 
practice, but we are forcing it as a requirement.

Instead of throwing IOException with an authorization failure, please use 
hadoop.security.AccessControlException.

> Change RPC layer to support SASL based mutual authentication
> ------------------------------------------------------------
>
>                 Key: HADOOP-6419
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6419
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6419-26.patch, c6419-39.patch, c6419-45.patch, 
> c6419-66.patch, c6419-67.patch, c6419-69.patch, c6419-70.patch, 
> c6419-72.patch, c6419-73.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and 
> RFC-2831) or SASL GSSAPI/Kerberos. Since J2SE 5, Sun provides a SASL 
> implementation by default. Both our delegation token and job token can be 
> used as credentials for SASL DIGEST-MD5 authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
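
The two code suggestions in the comment above (a shared principal-splitting helper using "[/@]", and clearing the SASL reference after dispose) can be sketched as follows. This is an added example, not code from the HADOOP-6419 patches; the class name, the `splitPrincipal` helper, the `saslClient` field and the sample principals are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.regex.Pattern;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class SaslReviewSketch {
    // Character class "[/@]" in place of the alternation "(/|@)", compiled once.
    private static final Pattern SEPARATORS = Pattern.compile("[/@]");

    private SaslClient saslClient; // assumed field; set during connection setup

    /** Hypothetical shared helper: splits on '/' and '@', requires three non-empty parts. */
    static String[] splitPrincipal(String principal) {
        // limit -1 keeps trailing empty strings so "a/b@" is not mistaken for two parts
        String[] parts = SEPARATORS.split(principal, -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected service/host@REALM: " + principal);
        }
        for (String part : parts) {
            if (part.isEmpty()) {
                throw new IllegalArgumentException("empty component in: " + principal);
            }
        }
        return parts;
    }

    /** Safe to call more than once: the reference is cleared after the first dispose. */
    void disposeSasl() {
        if (saslClient == null) {
            return;
        }
        try {
            saslClient.dispose();
        } catch (SaslException e) {
            // connection is being torn down; nothing further to release
        } finally {
            saslClient = null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample principals, not taken from the issue.
        System.out.println(Arrays.toString(splitPrincipal("nn/host1.example.com@EXAMPLE.COM")));
        try {
            splitPrincipal("nn@EXAMPLE.COM"); // two-part form is rejected by this strict helper
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        new SaslReviewSketch().disposeSasl(); // no-op when nothing was set up
    }
}
```

The strict three-part check mirrors the requirement the comment questions; relaxing it to accept a two-part principal is a policy decision the helper would centralize in one place.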
