Xiaoyu Yao created HDFS-13060:
---------------------------------
Summary: Adding a BlacklistBasedTrustedChannelResolver for
TrustedChannelResolver
Key: HDFS-13060
URL: https://issues.apache.org/jira/browse/HDFS-13060
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Xiaoyu Yao
Assignee: Ajay Kumar
HDFS-5920 introduces encryption negotiation between client and server based on
a customizable TrustedChannelResolver class. The TrustedChannelResolver is
invoked on both client and server side. If the resolver indicates that the
channel is trusted, then the data transfer will not be encrypted even if
dfs.encrypt.data.transfer is set to true.
The default trust channel resolver implementation returns false indicating that
the channel is not trusted, which always enables encryption. HDFS-5920 also
added a build-int whitelist based trust channel resolver. It allows you to put
IP address/Network Mask of trusted client/server in whitelist files to skip
encryption for certain traffics.
This ticket is opened to add a blacklist based trust channel resolver for cases
only certain machines (IPs) are untrusted without adding each trusted IP
individually.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
