[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689490#comment-13689490
]
Daryn Sharp commented on HADOOP-9421:
-------------------------------------
I'm referring to the roundtrip your patch introduces by responding with
negotiate if it's a non-token auth.

The client can't choose the best auth, or even know the supported auths, if it's
already guessed prior to connection. How will the client know whether the
server does DIGEST-MD5 or SCRAM for tokens? It won't work in a mixed
environment.

Eliminating use_ip is not related to the mech. A server hint is for the token
selection itself instead of the fragile way tokens are currently selected.
Tokens are completely sensitive to multi-interface hosts, and different
hostnames for the same machine.

IP failover with a shared principal isn't an option, at least for us. A shared
principal prevents direct communication with the HA NNs because the client will
use the actual host's principal, not the shared principal. Which also means
DNs can't heartbeat into both NNs w/o hardcoding in the config, which may be
problematic for federation + HA.

The roundtrip reduction "hack" is a feature that can be extended to any SASL
mechanism that can initiate.

The point you keep missing is +the client can't guess an auth method+ but you
keep focusing on retaining that behavior. We need to resolve this with the
offline call today.

> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>