[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669681#comment-13669681
]
Daryn Sharp commented on HADOOP-9421:
-------------------------------------
I still think there's confusion here. I'm not proposing per-call SASL. The
SASL negotiation sequence is wrapped in a fake callId in response to the
connection header. It will simplify the client & server and open future
possibilities.
The session idea is interesting, but it closes the door on the server requiring
multiple mechanism - ex. with all the other auth suggestions, maybe if the
server auths a token, it will want to demand auth of an identity token or
similar.
I'm not sure using proxy/super-user authentication is desirable for
multiplexing. If I have a process servicing multiple UGIs, I doesn't
necessarily want that process to have hdfs "root" privileges. I want each
multiplexed connection to use its specific token. For multiplexing to be
feasible and remain async, the server must be able to determine what each
received packet is - rpc call or sasl auth call.
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421-v2-demo.patch
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
