[ https://issues.apache.org/jira/browse/HADOOP-9653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13687707#comment-13687707 ]
Kai Zheng commented on HADOOP-9653:
-----------------------------------

To securely transmit token in Hadoop RPC in a way that defends against all of the classical attacks, we might consider SPKM/LIPKEY approach besides the one SASL over SSL mentioned in HADOOP-9533. Both assume server certificate and optionally client certificate. GSS SPKM/LIPKEY mechanism can fit seamlessly in current SASL RPC authentication framework but might require significant implementation effort. SSL is another option but has compatibility and performance challenges. Any thoughts here?

> Token validation and transmission
> ---------------------------------
>
> Key: HADOOP-9653
> URL: https://issues.apache.org/jira/browse/HADOOP-9653
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Labels: rhino
> Fix For: 3.0.0
>
>
> HADOOP-9392 proposes to have customizable token authenticator for services to
> implement the TokenAuthn method and it was thought supporting pluggable token
> validation is a significant feature itself so it serves to be addressed in a
> separate JIRA. It will also consider how to securely transmit token in Hadoop
> RPC in a way that defends against all of the classical attacks. Note the
> authentication negotiation and wrapping of Hadoop RPC should be backwards
> compatible and interoperable with existing deployments, so therefore be SASL
> based.