[
https://issues.apache.org/jira/browse/HADOOP-9698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13716666#comment-13716666
]
Daryn Sharp commented on HADOOP-9698:
-------------------------------------
Late last year I was working on tokens for non-secure clusters by adding the
SASL PLAIN auth - since SASL = security, which would leave SIMPLE alone. I plan
to finish this work in the near future.

I had contemplated making SIMPLE use the PLAIN mechanism to make everything
SASL, which makes clients always try to get a token. Then we could also use the
authz field of SASL (which we currently set to null) to pass the effective user, thus
eliminating the need for the connection context. I decided against it for now,
since I think it can be a backwards compatible change in the future whereby the
server won't expect a connection context if the authz user is non-null. But I
digress.
> RPCv9 client must honor server's SASL negotiate response
> --------------------------------------------------------
>
> Key: HADOOP-9698
> URL: https://issues.apache.org/jira/browse/HADOOP-9698
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc
> Affects Versions: 3.0.0, 2.1.0-beta
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9698.patch
>
>
> As of HADOOP-9421, an RPCv9 server will advertise its authentication methods.
> This is meant to support features such as IP failover, better token
> selection, and interoperability in a heterogeneous security environment.
> Currently the client ignores the negotiate response and just blindly attempts
> to authenticate instead of choosing a mutually agreeable auth method.
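The selection step the issue description asks for (choose a mutually agreeable method from the server's advertised list instead of blindly authenticating), as an added example that is not code from the HADOOP-9698 patch or from Hadoop. The method names `TOKEN` and `KERBEROS`, the (method, service id) shape of the negotiate response, and `ClientCreds` are assumptions made for illustration.

```python
# Added illustration; all names are hypothetical, not Hadoop's RPC classes.
from dataclasses import dataclass, field


class NoMutualAuth(Exception):
    """Raised when client and server share no usable auth method."""


@dataclass
class ClientCreds:
    # Constructed model of what this client is able to present.
    tokens: dict = field(default_factory=dict)  # service id -> token
    has_kerberos_tgt: bool = False
    allow_simple: bool = True  # False: never fall back to unauthenticated SIMPLE


def usable(method, service, creds):
    """Can the client actually complete this advertised method?"""
    if method == "TOKEN":
        # A token only helps if it was issued for the advertised service.
        return service in creds.tokens
    if method == "KERBEROS":
        return creds.has_kerberos_tgt
    if method == "SIMPLE":
        return creds.allow_simple
    return False  # unknown method: skip it rather than guess


def select_auth(advertised, creds):
    """Pick the first server-advertised method the client can satisfy.

    `advertised` models the negotiate response as an ordered list of
    (method, service id) pairs, most preferred first.
    """
    for method, service in advertised:
        if usable(method, service, creds):
            return method, service
    offered = [m for m, _ in advertised]
    # Fail closed: do not attempt a method the server never offered.
    raise NoMutualAuth(f"server offers {offered}; client can satisfy none")


# Constructed negotiate responses from two servers.
SECURE_SERVER = [("TOKEN", "nn1:8020"), ("KERBEROS", "nn1:8020")]
MIXED_SERVER = [("TOKEN", "nn2:8020"), ("SIMPLE", None)]
```
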