[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669286#comment-13669286
]
Daryn Sharp commented on HADOOP-9421:
-------------------------------------
bq. The main problem with mixing SASL exchange with RPC engine is that's
architecturally and semantically unsound
I differ in opinion. This is our last shot for a long time to make RPC
changes, so we should make it as flexible as possible.
* SASL should ideally be a detail of RPC calls instead of only an initial
connection detail (important for following points)
* Perhaps certain RPC calls shouldn't require SASL, like simple status
requests, but others will
* Server should be able to issue SASL challenges mid-stream, perhaps after a
connection has been open for an extended time, or to allow restricted
super-user operations like chown
* Likewise, server should be able to issue multiple SASL challenges after one
mechanism completes. Perhaps using a certain token requires a subsequent SASL
mechanism.
* Out of band SASL auth (not distinguishable from actual RPC calls) precludes
multiplexing multiple UGIs over a single connection - a concept y! has
internally contemplated.
bq. RPC engine should be constructed based on the IpcSerializationType, which
is now rendered completely useless
Agreed, but it's already useless. The RPC request/response header must be
protobuf. The serialization of call/response payload appears to be
configurable, but the server doesn't allow non-protobuf. If different
serializations are ever supported, we can change SASL at that time.
bq. Jamming a session concept like SASL into a RPC call (with a fake call id
(-33) to boot) is an ugly hack that puts a square peg in a round hole.
Agreed about -33, but it's already there on the server-side so I used it to
minimize the client-side change. I originally started by adding a sasl auth to
RpcStatusProto, so I can change it.
bq. TestSaslRpc{Client,Server} should be unit testable
Maybe I missed them, but I didn't see tests for the actual wire data? The
existing SASL tests cover the gamut of the negotiation matrix.
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421-v2-demo.patch
>
>