[
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689870#comment-13689870
]
Luke Lu commented on HADOOP-9421:
---------------------------------
My "simple to \*" is equivalent to Daryn's. Note, consecutive C -> S can be merged
into one TCP packet.
SASL to insecure
{code}
C -> S connectionHeader(SASL), INITIATE(optional initial token)
C <- S SUCCESS
C -> S connectionContext, RPC request
{code}
SASL to secure
{code}
C -> S connectionHeader(SASL), INITIATE(optional initial token, [(TOKEN, DIGEST-MD5)])
C <- S CHALLENGE(challenge-token) or NEGOTIATE([(TOKEN, DIGEST-MD5), (KERBEROS, GSSAPI), ...])
C -> S RESPONSE(response-token) or REINITIATE(initial token, [(TOKEN, DIGEST-MD5)])
...
C <- S SUCCESS(final-token)
C -> S connectionContext, RPC request
{code}
Bottom line: my patch is a strict superset of Daryn's patch from protocol POV.
The keyword is *optional* client initiate. Daryn's protocol can *not* support
SCRAM (or any modern auths requiring client nonce) without an extra round-trip.
Most of the credit of my patch goes to Daryn, as adding optional client
initiate is simple (only a few extra lines).
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch,
> HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>
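The two flows in the comment above, modelled as a small client/server state machine. This is an added illustration, not code from either patch or from Hadoop: the function names are hypothetical, tokens are opaque placeholders, and a single CHALLENGE/RESPONSE pair stands in for the "..." in the secure flow.

```python
# Added illustration: models only the message ordering in the comment above.
# Tokens are opaque placeholders; no real SASL mechanism runs here, and a
# single CHALLENGE/RESPONSE pair stands in for the "..." in the flow.

def server_reply(msg, offered):
    """Server side: pick the reply to one client message."""
    kind, auth = msg
    if not offered:                       # insecure server: accept at once
        return ("SUCCESS", None)
    if kind in ("INITIATE", "REINITIATE"):
        if auth in offered:               # client named an auth we offer
            return ("CHALLENGE", "challenge-token")
        return ("NEGOTIATE", list(offered))
    if kind == "RESPONSE":
        return ("SUCCESS", "final-token")
    raise ValueError(f"unexpected message {kind}")

def connect(offered, supported, guess=None):
    """Client side: return (transcript, server messages waited for).

    offered:   (method, mechanism) pairs the server advertises ([] = insecure)
    supported: pairs the client can perform
    guess:     pair sent optimistically in INITIATE, or None
    """
    transcript = ["C -> S connectionHeader(SASL)"]
    msg, waits = ("INITIATE", guess), 0
    while True:
        transcript.append(f"C -> S {msg[0]}")
        kind, body = server_reply(msg, offered)
        transcript.append(f"C <- S {kind}")
        waits += 1
        if kind == "SUCCESS":
            break
        if kind == "CHALLENGE":
            msg = ("RESPONSE", "response-token")
        else:  # NEGOTIATE: choose the first offered pair the client supports
            common = [a for a in body if a in supported]
            if not common:
                raise ConnectionError("no common auth method")
            msg = ("REINITIATE", common[0])
    transcript.append("C -> S connectionContext, RPC request")
    return transcript, waits
```

In this model an accepted initial token reaches SUCCESS after two server messages, while a rejected or absent one costs a third for the NEGOTIATE/REINITIATE step.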