[ https://issues.apache.org/jira/browse/HDFS-13061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ajay Kumar updated HDFS-13061:
------------------------------
    Attachment: HDFS-13061.002.patch

> SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted 
> channel
> -------------------------------------------------------------------------------------
>
>                 Key: HDFS-13061
>                 URL: https://issues.apache.org/jira/browse/HDFS-13061
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDFS-13061.000.patch, HDFS-13061.001.patch, 
> HDFS-13061.002.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based 
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is 
> invoked on both client and server side. If the resolver indicates that the 
> channel is trusted, then the data transfer will not be encrypted even if 
> dfs.encrypt.data.transfer is set to true. 
> SaslDataTransferClient#checkTrustAndSend asks the channel resolver whether the 
> client and server addresses are trusted, respectively. It decides the channel 
> is untrusted only if both client and server are not trusted to enforce 
> encryption. *This ticket is opened to change it to not trust (and encrypt) if 
> either client or server address is not trusted.*
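
The two decision rules from the description, compared over all four trust combinations. This is an added example, not code from the HDFS-13061 patches or from Hadoop. The class TrustDecisionDemo, the Resolver interface, the allowlist resolver and the sample addresses are assumptions made for illustration, and dfs.encrypt.data.transfer is assumed to be true.

```java
import java.net.InetAddress;
import java.util.Set;

// Simplified model of the trust decision described in the ticket (not Hadoop source).
public class TrustDecisionDemo {

    // Hypothetical stand-in for a customizable trusted-channel resolver.
    interface Resolver {
        boolean isTrusted(InetAddress addr);
    }

    // Behaviour described in the ticket: the channel is treated as untrusted
    // (and therefore encrypted) only when BOTH endpoints are untrusted.
    static boolean encryptBefore(Resolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) && !r.isTrusted(server);
    }

    // Behaviour the ticket asks for: encrypt when EITHER endpoint is untrusted.
    static boolean encryptAfter(Resolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) || !r.isTrusted(server);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample addresses; IP literals do not trigger a DNS lookup.
        InetAddress in1 = InetAddress.getByName("10.0.0.5");
        InetAddress in2 = InetAddress.getByName("10.0.0.6");
        InetAddress out1 = InetAddress.getByName("192.0.2.10");
        InetAddress out2 = InetAddress.getByName("198.51.100.7");

        // Hypothetical resolver: an address is trusted only if it is on the allowlist.
        Set<InetAddress> allowlist = Set.of(in1, in2);
        Resolver resolver = allowlist::contains;

        InetAddress[][] pairs = { {in1, in2}, {in1, out1}, {out1, in2}, {out1, out2} };
        System.out.printf("%-14s %-14s %-8s %-8s%n", "client", "server", "before", "after");
        for (InetAddress[] p : pairs) {
            boolean before = encryptBefore(resolver, p[0], p[1]);
            boolean after = encryptAfter(resolver, p[0], p[1]);
            String flag = (before != after) ? "  <- plaintext under the old rule" : "";
            System.out.printf("%-14s %-14s %-8s %-8s%s%n",
                p[0].getHostAddress(), p[1].getHostAddress(),
                before ? "encrypt" : "plain", after ? "encrypt" : "plain", flag);
        }
    }
}
```

The two mixed rows (one endpoint trusted, the other not) are the partially trusted channels named in the ticket title: they go out in plaintext under the first rule and are encrypted under the second.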


