[
https://issues.apache.org/jira/browse/HADOOP-8999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13488433#comment-13488433
]
Kan Zhang commented on HADOOP-8999:
-----------------------------------
I doubt the null needs to be returned to SaslClient. See the following javadoc
for SaslServer. If you hit this problem on trunk, I'd check to see if your
recent changes (HADOOP-8783 and HADOOP-8784) caused a mismatch between Client
and Server, one is expecting to do SASL, while the other isn't. Just a thought.
{quote}
/**
98 * Evaluates the response data and generates a challenge.
99 *
100 * If a response is received from the client during the
authentication
101 * process, this method is called to prepare an appropriate next
102 * challenge to submit to the client. The challenge is null if the
103 * authentication has succeeded and no more challenge data is to be
sent
104 * to the client. It is non-null if the authentication must be
continued
105 * by sending a challenge to the client, or if the authentication
has
106 * succeeded but challenge data needs to be processed by the client.
107 * <tt>isComplete()</tt> should be called
108 * after each call to <tt>evaluateResponse()</tt>,to determine if
any further
109 * response is needed from the client.
110 *
111 * @param response The non-null (but possibly empty) response sent
112 * by the client.
113 *
114 * @return The possibly null challenge to send to the client.
115 * It is null if the authentication has succeeded and there is
116 * no more challenge data to be sent to the client.
117 * @exception SaslException If an error occurred while processing
118 * the response or generating a challenge.
119 */
120 public abstract byte[] evaluateResponse(byte[] response)
121 throws SaslException;
{quote}
> SASL negotiation is flawed
> --------------------------
>
> Key: HADOOP-8999
> URL: https://issues.apache.org/jira/browse/HADOOP-8999
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
>
> The RPC protocol used for SASL negotiation is flawed. The server's RPC
> response contains the next SASL challenge token, but a SASL server can return
> null (I'm done) or a N-many byte challenge. The server currently will not
> send a RPC success response to the client if the SASL server returns null,
> which causes the client to hang until it times out.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
