[ 
https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13096218#comment-13096218
 ] 

Daryn Sharp commented on HADOOP-7510:
-------------------------------------

Actually, the contrived case isn't a problem because any permutation of old/new 
works.  Everything that gets a token immediately stomps the service to its 
format.  Both sides always ignore what the other side set.

The suggested approach won't handle all use cases.  One problem with the 
current implementation, but fixed by this patch, is that I can't specify an 
exact ip for a host and always have that ip used.  The ip will be resolved to a 
host, and the host resolved to an ip.  The problem is that ip->host->ip may not 
return the same ip!

With the static {{TokenSelector}} cache, there are issues with how to handle 
multiple ip changes.  The cache lookup will have to deal with circular loops.  
There would also need to be something like reference counting to expire the 
cache.  Multiple tokens may be relying on the mappings being maintained in the 
{{TokenSelector}}.

Certain code expects to be able to connect to the value in the service field.  
There would need to be a mapping that maintained the token ip to the original 
host or ip, and if a host, re-resolve the host to its current ip.

Unless I'm misunderstanding the proposal, it sounds much more complicated than 
this patch?

> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>
>                 Key: HADOOP-7510
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7510
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>             Fix For: 0.20.205.0
>
>         Attachments: HADOOP-7510.patch
>
>
> Tokens currently store the ip:port of the remote server.  This precludes 
> tokens from being used after a host's ip is changed.  Tokens should store the 
> hostname used to make the RPC connection.  This will enable new processes to 
> use their existing tokens.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
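
The ip->host->ip round trip from the comment and the ip-change case from the issue description, modeled as an added example (not Hadoop code and not part of the attached patch). DNS is simulated with constructed tables; the host name, addresses, port, class and method names are all assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Hadoop code. DNS is simulated with constructed tables.
public class TokenServiceDemo {
    static final Map<String, String> FORWARD = new HashMap<>(); // host -> ip (A)
    static final Map<String, String> REVERSE = new HashMap<>(); // ip -> host (PTR)
    static {
        // Constructed records: one host, two interfaces, one A record.
        FORWARD.put("nn.example.com", "10.0.0.5");
        REVERSE.put("10.0.0.5", "nn.example.com");
        REVERSE.put("192.168.1.5", "nn.example.com");
    }

    // Simplified model of the behaviour described: ip -> host -> ip, keep ip:port.
    static String serviceByRoundTrip(String target, int port) {
        String host = REVERSE.getOrDefault(target, target);
        String ip = FORWARD.getOrDefault(host, host);
        return ip + ":" + port;
    }

    // Model of the requested behaviour: keep exactly what the caller supplied.
    static String serviceByOriginal(String target, int port) {
        return target + ":" + port;
    }

    // Address used at connect time: a host name is resolved now, an ip is used as is.
    static String connectAddress(String service) {
        int colon = service.lastIndexOf(':');
        String name = service.substring(0, colon);
        return FORWARD.getOrDefault(name, name) + service.substring(colon);
    }

    public static void main(String[] args) {
        int port = 8020; // constructed port
        // Case 1: the caller pins an exact ip on the second interface.
        System.out.println("pinned ip, round trip: " + serviceByRoundTrip("192.168.1.5", port));
        System.out.println("pinned ip, original:   " + serviceByOriginal("192.168.1.5", port));

        // Case 2: a token is issued, then the host's ip changes.
        String ipService = serviceByRoundTrip("nn.example.com", port);
        String hostService = serviceByOriginal("nn.example.com", port);
        FORWARD.put("nn.example.com", "10.0.0.99");
        System.out.println("after change, ip token connects to:   " + connectAddress(ipService));
        System.out.println("after change, host token connects to: " + connectAddress(hostService));
    }
}
```

In case 1 the round trip replaces the pinned 192.168.1.5 with 10.0.0.5; in case 2 the ip-based service value still points at the old 10.0.0.5 while the host-based value follows the host to 10.0.0.99.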
