[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669723#comment-13669723
]
Luke Lu commented on HADOOP-9421:
---------------------------------
bq. I still think there's confusion here. I'm not proposing per-call SASL
I know what you're trying to do. You're overloading the protobuf rpc headers (a
specific rpc impl detail) for sasl exchange, which I think is a confusing idea
that prohibit clean separation of session/auth and rpc, which is required for
multiple rpc engine support.
bq. The session idea is interesting, but it closes the door on the server
requiring multiple mechanisms.
No it doesn't close the door. You can have arbitrary sasl mechanisms to
establish an session.
bq. If I have a process servicing multiple UGIs, I doesn't necessarily want
that process to have hdfs "root" privileges
I think you're confusing proxy user with hdfs "root". Proxy user has well
defined mechanisms (ACLs) to restrict what a particular user can impersonate,
which is already audit logged.
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421-v2-demo.patch
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
