[
https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13404033#comment-13404033
]
Andrew Purtell commented on GIRAPH-211:
---------------------------------------
bq. My first understanding was that we want all the messages which go through
the system to be protected.
What Hadoop did fundamentally is wrap their RPC with SASL at the socket level,
and then could use existing JRE support for SASL negotiation with Kerberos
authentication (and transparent encryption, etc).
Eugene could comment better, but what we did for ZooKeeper, which has IO also
based on Netty, is instead tunnel the SASL authentication handshake as an
extension to the existing protocol, and introduced a mode which requires that
handshake to complete successfully before accepting other message types which
require authenticated access.
> Add secure authentication to GIRAPH IPC
> ---------------------------------------
>
> Key: GIRAPH-211
> URL: https://issues.apache.org/jira/browse/GIRAPH-211
> Project: Giraph
> Issue Type: Improvement
> Reporter: Eugene Koontz
> Assignee: Maja Kabiljo
>
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within
> GIRAPH. Hopefully it would use our fast GIRAPH-37 IPC, but could also
> interoperate with Hadoop security.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
