[
https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ajay Kumar updated HDFS-13060:
------------------------------
Status: Patch Available (was: In Progress)
> Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
> ------------------------------------------------------------------------
>
> Key: HDFS-13060
> URL: https://issues.apache.org/jira/browse/HDFS-13060
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDFS-13060.000.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is
> invoked on both client and server side. If the resolver indicates that the
> channel is trusted, then the data transfer will not be encrypted even if
> dfs.encrypt.data.transfer is set to true.
> The default trust channel resolver implementation returns false indicating
> that the channel is not trusted, which always enables encryption. HDFS-5910
> also added a build-int whitelist based trust channel resolver. It allows you
> to put IP address/Network Mask of trusted client/server in whitelist files to
> skip encryption for certain traffics.
> This ticket is opened to add a blacklist based trust channel resolver for
> cases only certain machines (IPs) are untrusted without adding each trusted
> IP individually.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
