[jira] [Commented] (STORM-348) (Security) Netty SASL Authentication

Tue, 22 Jul 2014 13:51:19 -0700 

    [ 
https://issues.apache.org/jira/browse/STORM-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070878#comment-14070878
 ] 

ASF GitHub Bot commented on STORM-348:
--------------------------------------

GitHub user RaghavendraNandagopal opened a pull request:

    https://github.com/apache/incubator-storm/pull/202

    STORM-348: Netty SASL Authentication

    Hi Bobby,
      I have made the changes for the SASL Netty Authentication.  Currently the 
credentials used is with the topology name, but I thought I would be using 
Kerberos token instead as we agreed I will use randomly generated credentials 
that are kept in zookeeper.  I will try to find it out which method to call or 
if you can help me out it would be great.  In the meantime you can review the 
changes.
    
     I have tested the changes but didn't create the unit tests.  I will create 
a separate JIRA for unit test and get it done.  I am learning Clojure and will 
get it done soon.
    
    Thanks,
    Raghavendra Nandagopal

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/RaghavendraNandagopal/incubator-storm security

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-storm/pull/202.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #202
    
----
commit 41986445fb89ff77c101fcdd6daccb945160e8a9
Author: Raghavendra Nandagopal <[email protected]>
Date:   2014-07-22T20:20:54Z

    STORM-348: Netty SASL Authentication

----


> (Security) Netty SASL Authentication
> ------------------------------------
>
>                 Key: STORM-348
>                 URL: https://issues.apache.org/jira/browse/STORM-348
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>              Labels: security
>         Attachments: Storm-Netty Authentication.pdf
>
>
> Currently The Netty transport does no authentication at all.  You can encrypt 
> the tuples being sent, but that is a huge performance hit for many cases that 
> do not need it.  We should support simple SASL authentication when Netty 
> first connects to an external process.  We probably want to use something 
> similar to what we do for ZK, and generate a random secret for each topology.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to