[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689208#comment-13689208
]
Daryn Sharp commented on HADOOP-9421:
-------------------------------------
bq. Only works with token auths that use digest-md5, will require major
protocol change to optimize for SCRAM (modern digest-md5 replacement) or
Kerberos and anything SASL mechanisms that hasInitialResponse.
A "major protocol change" will not be required for other auths. The client is
properly coded to handle the server providing an initial challenge for any
auth, but the server currently only does it for tokens. When the server auths
become extensible, additional initial challenges can be added w/o changing the
client. Ie. It's forward compatible.
I did not generate an initial challenge for kerberos because the SASL mechanism
does not support it. An exception is thrown if you try.
This is intended to be a minimal change to provide a base implementation for
future work. I thought everybody would be satisfied by removal of an existing
round trip to offset the negotiate response?
I'll look at your modifications to the patch.
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
