[ https://issues.apache.org/jira/browse/HDFS-17669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Istvan Toth updated HDFS-17669:
-------------------------------
    Description: 
CryptoInputStream/CryptoOutputStream does not depend on SASL functionality, 
yet HDFS requests "auth-conf" QOP when negotiating it.

This artificially limits using it with SASL mechanisms that natively support 
encryption.

Hadoop should only set the QOP if it is configured to use native SASL 
encryption. (i.e. if dfs.encrypt.data.transfer is false)

  was:
CryptoInputStream/CryptoOutputStream does not depend on SASL functionality, 
yet HDFS requests "auth-conf" QOP when negotiating it.

This artificially limits using it with SASL mechanisms that do not natively 
support encryption.

Hadoop should only set the QOP if it is configured to use native SASL 
encryption. (i.e. if dfs.encrypt.data.transfer is false)


> Do not request SASL QOP when using CryptoInput/OutputStream
> -----------------------------------------------------------
>
>                 Key: HDFS-17669
>                 URL: https://issues.apache.org/jira/browse/HDFS-17669
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Istvan Toth
>            Priority: Major
>
> CryptoInputStream/CryptoOutputStream does not depend on SASL functionality, 
> yet HDFS requests "auth-conf" QOP when negotiating it.
> This artificially limits using it with SASL mechanisms that natively support 
> encryption.
> Hadoop should only set the QOP if it is configured to use native SASL 
> encryption. (i.e. if dfs.encrypt.data.transfer is false)


