[ 
https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13690066#comment-13690066
 ] 

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

bq. If we have to replace Digest-MD5 for security reasons, we'll be SOL.

That's completely untrue.  There is nothing in the protocol that would prevent 
SCRAM being supported.

{noformat}
C -> S connectionHeader(SASL)
C <- S NEGOTIATE { [TOKEN, SCRAM, proto, serverId], ... }
C -> S INITIATE [TOKEN] initial-response
{noformat}

bq. I merely want to leave the optional client initiate proto in the protocol 
for future optimizations

In light of everything I've described, please detail what future optimization 
is possible?

Please answer, how is the client capable of:
* Guessing a supported auth
* Guessing the supported mechanism for guessed auth
* Based on those guesses, reliably creating a SASL client to generate a SASL 
response
* Dealing with the mishaps when the client blows itself up trying an auth the 
server doesn't even support

Notably, describe how you would handle the problems I detailed regarding a 
client failing if it even attempts Kerberos with a non-Kerberos server.  It 
won't even succeed far enough to send the INITIATE.
                
> Convert SASL to use ProtoBuf and add lengths for non-blocking processing
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, 
> HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, 
> HADOOP-9421.patch, HADOOP-9421-v2-demo.patch
>
>
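
The server-first exchange in the comment above (NEGOTIATE list, then INITIATE), modelled as an added example; this is not code from the comment or from the HADOOP-9421 patches. All names (SaslAuth, select_auth, the factories) are hypothetical and the byte strings are constructed placeholders. The client only instantiates a mechanism the server has advertised, so it never attempts Kerberos against a server that does not offer it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SaslAuth:              # one entry of the server's NEGOTIATE list
    method: str              # TOKEN, KERBEROS, ...
    mechanism: str           # SCRAM, DIGEST-MD5, GSSAPI, ...
    protocol: str
    server_id: str

class CredentialsUnavailable(Exception):
    """Client cannot build a SASL client for this auth (no token, no TGT)."""

class NoCommonAuth(Exception):
    """Nothing the server advertised is usable by this client."""

def select_auth(advertised, factories):
    """Return (auth, initial_response) for the first advertised entry the
    client can instantiate, honouring the server's preference order."""
    for auth in advertised:
        factory = factories.get((auth.method, auth.mechanism))
        if factory is None:
            continue                      # mechanism unknown to this client
        try:
            return auth, factory(auth)    # sent as INITIATE [auth] initial-response
        except CredentialsUnavailable:
            continue                      # fall through to the next offer
    raise NoCommonAuth([f"{a.method}/{a.mechanism}" for a in advertised])

# Constructed sample factories; the byte strings are placeholders, not real tokens.
attempted = []                            # records which factories actually ran

def kerberos_gssapi(auth):
    attempted.append("KERBEROS/GSSAPI")
    raise CredentialsUnavailable("no TGT in this sample")

def token_scram(auth):
    attempted.append("TOKEN/SCRAM")
    return b"n,,n=sample-token-id,r=sample-nonce"

def token_digest(auth):
    attempted.append("TOKEN/DIGEST-MD5")
    return b""                            # DIGEST-MD5 has no initial response

FACTORIES = {("KERBEROS", "GSSAPI"): kerberos_gssapi,
             ("TOKEN", "SCRAM"): token_scram,
             ("TOKEN", "DIGEST-MD5"): token_digest}

def negotiate(server_offer):
    attempted.clear()
    auth, initial = select_auth(server_offer, FACTORIES)
    return f"{auth.method}/{auth.mechanism}", initial, list(attempted)
```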

