[jira] [Commented] (HADOOP-9421) Convert SASL to use ProtoBuf and add lengths for non-blocking processing

Fri, 14 Jun 2013 16:07:17 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683896#comment-13683896
 ] 

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

Given today's network speeds, I'm not going to fret over a handful of bytes 
that greatly enhance the design of the authentication layer.

I did extensive testing with a more advanced follow on patch that instantiates 
the SASL client upon receipt of the NEGOTIATE.  That patch resulted in an 
average 1% penalty and a median 2% penalty to the first RPC call using kerberos 
authentication - which translates to less than 10ms.  That held true while 
issuing concurrent calls up until the number of socket readers.  Once the 
number of socket readers is exceeded, performance drops off so sharply that any 
penalty is lost in the statistical noise.

Assuming the penalty is entirely due to the additional NEGOTIATE response, I 
can likely erase it by removing the unnecessary connection context.  We're 
passing null for the SASL authz user when it could be the effective user.  
SIMPLE is the only "auth" that actually requires the context context, but that 
could be a special case (as it already is in many ways) or could be replaced 
with SASL PLAIN which simply sends the effective and real user separated by 
null bytes.

Note this patch does have a minor issue with kerberos where the client is 
confused about the state of negotiation after it completes.

                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, 
> HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to