[
https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12868936#action_12868936
]
Devaraj Das commented on HDFS-1150:
-----------------------------------
bq. Also, where is the equivalent fix for the TaskTracker? Is anything
preventing a TaskTracker from giving bad input to a task?
Actually, all the RPCs are mutually authenticated via Sasl-Digest
authentication. The shuffle communications are also mutually authenticated. So
the Task<->TaskTracker communications are secured. In the datanode case, the
data transfer protocol does not use the regular Hadoop RPC. Hence, we need to
handle it differently..
> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
> Key: HDFS-1150
> URL: https://issues.apache.org/jira/browse/HDFS-1150
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: data-node
> Affects Versions: 0.22.0
> Reporter: Jakob Homan
> Assignee: Jakob Homan
> Attachments: commons-daemon-1.0.2-src.tar.gz,
> HDFS-1150-BF1-Y20.patch, hdfs-1150-bugfix-1.1.patch,
> hdfs-1150-bugfix-1.2.patch, hdfs-1150-bugfix-1.patch,
> HDFS-1150-y20.build-script.patch, HDFS-1150-Y20S-ready-5.patch,
> HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch,
> HDFS-1150-Y20S-ready-8.patch, HDFS-1150-Y20S-Rough-2.patch,
> HDFS-1150-Y20S-Rough-3.patch, HDFS-1150-Y20S-Rough-4.patch,
> HDFS-1150-Y20S-Rough.txt
>
>
> Currently we use block access tokens to allow datanodes to verify clients'
> identities, however we don't have a way for clients to verify the
> authenticity of the datanodes themselves.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
