[
https://issues.apache.org/jira/browse/HDFS-13061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16347274#comment-16347274
]
Xiaoyu Yao edited comment on HDFS-13061 at 1/31/18 5:55 PM:
------------------------------------------------------------
Thanks [~ajayydv] for the update. +1 for the v3 patch.
The test failures are unrelated. I will commit it shortly.
was (Author: xyao):
Thanks [~ajayydv] for the update. +1 for the v4 patch.
The test failures are unrelated. I will commit it shortly.
> SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted
> channel
> -------------------------------------------------------------------------------------
>
> Key: HDFS-13061
> URL: https://issues.apache.org/jira/browse/HDFS-13061
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDFS-13061.000.patch, HDFS-13061.001.patch,
> HDFS-13061.002.patch, HDFS-13061.003.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is
> invoked on both client and server side. If the resolver indicates that the
> channel is trusted, then the data transfer will not be encrypted even if
> dfs.encrypt.data.transfer is set to true.
> SaslDataTransferClient#checkTrustAndSend asks the channel resolver whether the
> client and server addresses are trusted, respectively. It decides the channel
> is untrusted only if both client and server are not trusted to enforce
> encryption. *This ticket is opened to change it to not trust (and encrypt) if
> either client or server address is not trusted.*
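
The decision the ticket describes, as an added example that is not code from the Hadoop patch or from this thread: it contrasts "untrusted only if both sides are untrusted" with "untrusted if either side is untrusted" for a subnet-allowlist resolver. The class name, the resolver logic, the subnet and all addresses are hypothetical and constructed for illustration; IPv4 only.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

public class PartialTrustDemo {
    // Constructed allowlist: the subnet this hypothetical resolver trusts.
    static final List<String> TRUSTED_CIDRS = List.of("10.20.0.0/16");

    // IPv4 only; address literals are parsed without a DNS lookup.
    static int toInt(String ip) throws UnknownHostException {
        byte[] b = InetAddress.getByName(ip).getAddress();
        return ((b[0] & 0xff) << 24) | ((b[1] & 0xff) << 16)
             | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
    }

    // Hypothetical resolver check: is the address inside any trusted subnet?
    static boolean isTrusted(String ip) throws UnknownHostException {
        for (String cidr : TRUSTED_CIDRS) {
            String[] p = cidr.split("/");
            int bits = Integer.parseInt(p[1]);
            int mask = bits == 0 ? 0 : -1 << (32 - bits);
            if ((toInt(ip) & mask) == (toInt(p[0]) & mask)) return true;
        }
        return false;
    }

    // Behaviour the ticket reports: untrusted only if BOTH sides are untrusted.
    static boolean encryptBefore(String client, String server) throws UnknownHostException {
        return !isTrusted(client) && !isTrusted(server);
    }

    // Behaviour the ticket asks for: untrusted if EITHER side is untrusted.
    static boolean encryptAfter(String client, String server) throws UnknownHostException {
        return !isTrusted(client) || !isTrusted(server);
    }

    public static void main(String[] args) throws UnknownHostException {
        String[][] pairs = {                       // constructed client/server pairs
            {"10.20.1.5", "10.20.9.9"},            // both inside the trusted subnet
            {"10.20.1.5", "192.0.2.44"},           // partially trusted channel
            {"192.0.2.44", "10.20.9.9"},           // partially trusted channel
            {"192.0.2.44", "198.51.100.7"},        // neither side trusted
        };
        for (String[] p : pairs) {
            System.out.printf("%-12s -> %-13s encrypt before=%-5b after=%b%n",
                p[0], p[1], encryptBefore(p[0], p[1]), encryptAfter(p[0], p[1]));
        }
    }
}
```

The two middle rows are the partially trusted channels: the "before" rule leaves them unencrypted, the "after" rule encrypts them.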