[ https://issues.apache.org/jira/browse/HADOOP-10221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902179#comment-13902179 ]
Daryn Sharp commented on HADOOP-10221:
--------------------------------------
Bad memories are flooding back. The static nature of the QOPs is a big
pre-existing problem. If we are going to expose a publicly supported
interface, we need to avoid locking-in the current bad behavior. Fixing it
later will likely cause incompatibilities.

The static nature of the QOP causes servers to step all over each other's
required settings. One RPC server can accidentally upgrade or downgrade the
protections that another service intended. One resolver might be surprised
another resolver squished the default values, etc. A daemon with RPC servers
may be shocked to find that an RPC client re-inits the static QOP too - which may
effectively disable the QOP settings the server(s) expected!
> Add a plugin to specify SaslProperties for RPC protocol based on connection
> properties
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-10221
> URL: https://issues.apache.org/jira/browse/HADOOP-10221
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.2.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10221.patch, HADOOP-10221.patch
>
>
> Add a plugin to specify SaslProperties for RPC protocol based on connection
> properties.
> HADOOP-10211 enables client and server to specify and support multiple QOP.
> Some connections need to be restricted to a specific set of QOP based on
> connection properties.
> E.g. connections from clients from a specific subnet need to be encrypted
> (QOP=privacy)
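The clobbering described in the comment above, modelled in plain Java as an added example (it is not Hadoop code and not taken from the attached patch). All class, field and method names are hypothetical; only `Sasl.QOP` and the values `auth`, `auth-int` and `auth-conf` (privacy) are real JDK SASL identifiers. The instance-scoped server is one possible way to avoid the shared state, assumed here for contrast.

```java
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;
import javax.security.sasl.Sasl;

public class StaticQopDemo {
    // Hypothetical stand-in for process-wide SASL properties shared by all endpoints.
    static final Map<String, String> STATIC_SASL_PROPS = new TreeMap<>();

    // Hypothetical static initialiser: whoever calls it last wins for the whole JVM.
    static void initStatic(String qop) {
        STATIC_SASL_PROPS.put(Sasl.QOP, qop);
    }

    // Server that trusts the shared static map when it negotiates a connection.
    static class StaticServer {
        final String name;
        StaticServer(String name, String qop) { this.name = name; initStatic(qop); }
        String effectiveQop() { return STATIC_SASL_PROPS.get(Sasl.QOP); }
    }

    // Server that keeps its own immutable properties, so nothing else can change them.
    static class ScopedServer {
        final String name;
        private final Map<String, String> saslProps;
        ScopedServer(String name, String qop) {
            this.name = name;
            this.saslProps = Collections.singletonMap(Sasl.QOP, qop);
        }
        String effectiveQop() { return saslProps.get(Sasl.QOP); }
    }
    // Prints the QOP a server asked for next to the one it would actually offer.
    static void report(String when, String name, String wanted, String got) {
        System.out.printf("%-24s %-11s wanted=%-9s effective=%-9s %s%n",
                when, name, wanted, got, wanted.equals(got) ? "ok" : "MISMATCH");
    }

    public static void main(String[] args) {
        StaticServer s1 = new StaticServer("secure-rpc", "auth-conf"); // privacy
        report("after secure-rpc init", s1.name, "auth-conf", s1.effectiveQop());
        StaticServer s2 = new StaticServer("admin-rpc", "auth");       // authentication only
        report("after admin-rpc init", s1.name, "auth-conf", s1.effectiveQop());
        initStatic("auth-int"); // a client in the same daemon re-initialises the static
        report("after client re-init", s2.name, "auth", s2.effectiveQop());
        ScopedServer p1 = new ScopedServer("secure-rpc", "auth-conf");
        ScopedServer p2 = new ScopedServer("admin-rpc", "auth");
        report("instance-scoped", p1.name, "auth-conf", p1.effectiveQop());
        report("instance-scoped", p2.name, "auth", p2.effectiveQop());
    }
}
```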