[jira] [Created] (HDFS-17669) Do not reqest SASL QOP when using CryptoInput/OutputStream

Istvan Toth (Jira) Tue, 19 Nov 2024 00:27:05 -0800

Istvan Toth created HDFS-17669:
----------------------------------

             Summary: Do not reqest SASL QOP when using CryptoInput/OutputStream
                 Key: HDFS-17669
                 URL: https://issues.apache.org/jira/browse/HDFS-17669
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: security
            Reporter: Istvan Toth



CryptoInputStream/CryptioOutputStream does not depend on SASL functionality, 
yet HDFS requests "auth-conf" QOP when negotatiating it.

This artifically limits using it with SASL mechanisms that do not natively 
support encryption.

Hadoop should only set the QOP if it is configured to use native SASL 
encryption. (i.e. if  dfs.encrypt.data.transfer is false)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

[jira] [Created] (HDFS-17669) Do not reqest SASL QOP when using CryptoInput/OutputStream

Reply via email to