[jira] [Commented] (HADOOP-9421) Add full length to SASL response to allow non-blocking readers

Sat, 13 Apr 2013 16:48:16 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13631228#comment-13631228
 ] 

Luke Lu commented on HADOOP-9421:
---------------------------------

Thanks for the detailed comment Daryn. I think the motivation for the change is 
pretty clear. OTOH, the current sasl exchange minimizes network round trips for 
typical use cases (both client and server are configured with either simple or 
secure with GSSAPI/krb5 or Digest-MD5/dt). I'd like to preserve that property. 
Your proposal will need extra round trips for a map/reduce task to talk to a 
name node depending on the order of the mechanism/protocol configured at the 
server side, which is annoying considering thousands of tasks launching on 
large clusters. 

How about:
* client requests (mechanism, protocol, ...) sent in the same packet as the 
connection header
* if server supports the client preferred mechanism, exchange continues until 
server responds with
** (status-ok) if authenticated
** (status-error, error-message)
* if server doesn't support the client preferred mechanism
** server responds with (status-challenge, (mechanism, protocol)+, token*)
** client picks one of the supported mechanisms, exchange continues until 
server responds with ok/error.

This way, extra (besides required by sasl exchange) round trips are minimized, 
no matter how many number of sasl mechanisms are configured at the server side.

+1 for the server provided service/server id/name.
                
> Add full length to SASL response to allow non-blocking readers
> --------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Junping Du
>         Attachments: HADOOP-9421.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to