[
https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16347201#comment-16347201
]
Ajay Kumar edited comment on HDFS-13060 at 1/31/18 6:08 PM:
------------------------------------------------------------
[~xyao], thanks for the review. Updated patch v2 to address the suggestions. Created
[HDFS-13090] to support a composite trusted channel resolver.
was (Author: ajayydv):
[~xyao], thanks for the review. Updated patch v2 to address the suggestions.
> Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
> ------------------------------------------------------------------------
>
> Key: HDFS-13060
> URL: https://issues.apache.org/jira/browse/HDFS-13060
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDFS-13060.000.patch, HDFS-13060.001.patch,
> HDFS-13060.002.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is
> invoked on both client and server side. If the resolver indicates that the
> channel is trusted, then the data transfer will not be encrypted even if
> dfs.encrypt.data.transfer is set to true.
> The default trust channel resolver implementation returns false indicating
> that the channel is not trusted, which always enables encryption. HDFS-5910
> also added a built-in whitelist based trust channel resolver. It allows you
> to put IP address/Network Mask of trusted client/server in whitelist files to
> skip encryption for certain traffic.
> This ticket is opened to add a blacklist based trust channel resolver for
> cases where only certain machines (IPs) are untrusted, without adding each
> trusted IP individually.
>
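The trust decision described in the issue, modelled as an added example (not code from Hadoop or from the attached patches): it shows which peers end up with unencrypted data transfer under a whitelist versus a blacklist resolver, including the empty-list case where the blacklist trusts every peer. All function names, list entries and peer addresses are constructed for illustration.

```python
import ipaddress

def parse_networks(entries):
    """Parse 'IP' or 'IP/mask' entries into network objects (hypothetical list format)."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]

def listed(peer, nets):
    """True if the peer address falls inside any listed network."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in nets)

def whitelist_trusts(peer, nets):
    # Whitelist model: only listed peers are trusted.
    return listed(peer, nets)

def blacklist_trusts(peer, nets):
    # Blacklist model: every peer is trusted unless it is listed.
    return not listed(peer, nets)

def is_encrypted(encrypt_data_transfer, trusted):
    # Per the issue text: a trusted channel is not encrypted even when
    # dfs.encrypt.data.transfer is true.
    return encrypt_data_transfer and not trusted

def unencrypted_peers(peers, trusts, nets):
    """Peers whose traffic would skip encryption with dfs.encrypt.data.transfer=true."""
    return [p for p in peers if not is_encrypted(True, trusts(p, nets))]

# Constructed sample data, not taken from any real deployment.
ENTRIES = ["10.0.0.0/24", "192.168.5.17"]
PEERS = ["10.0.0.8", "192.168.5.17", "172.16.3.4", "203.0.113.9"]

if __name__ == "__main__":
    nets = parse_networks(ENTRIES)
    print("whitelist, populated:", unencrypted_peers(PEERS, whitelist_trusts, nets))
    print("blacklist, populated:", unencrypted_peers(PEERS, blacklist_trusts, nets))
    # An empty or unreadable list is safe for a whitelist (everything is encrypted)
    # but leaves a blacklist trusting every peer.
    print("whitelist, empty:    ", unencrypted_peers(PEERS, whitelist_trusts, []))
    print("blacklist, empty:    ", unencrypted_peers(PEERS, blacklist_trusts, []))
```

Running the same audit over a cluster's real peer addresses before switching resolvers shows exactly which connections would lose encryption.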