[
https://issues.apache.org/jira/browse/HDFS-17669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth updated HDFS-17669:
-------------------------------
Description:
-CryptoInputStream/CryptioOutputStream does not depend on SASL functionality,
yet HDFS requests "auth-conf" QOP when negotatiating it.-
-This artifically limits it to be usable only with SASL mechanisms that
natively support encryption.-
-Hadoop should only set the QOP if it is configured to use native SASL
encryption. (i.e. if dfs.encrypt.data.transfer is false)-
was:
CryptoInputStream/CryptioOutputStream does not depend on SASL functionality,
yet HDFS requests "auth-conf" QOP when negotatiating it.
This artifically limits it to be usable only with SASL mechanisms that natively
support encryption.
Hadoop should only set the QOP if it is configured to use native SASL
encryption. (i.e. if dfs.encrypt.data.transfer is false)
> Do not reqest SASL QOP when using CryptoInput/OutputStream
> ----------------------------------------------------------
>
> Key: HDFS-17669
> URL: https://issues.apache.org/jira/browse/HDFS-17669
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
> Labels: pull-request-available
>
> -CryptoInputStream/CryptioOutputStream does not depend on SASL functionality,
> yet HDFS requests "auth-conf" QOP when negotatiating it.-
> -This artifically limits it to be usable only with SASL mechanisms that
> natively support encryption.-
> -Hadoop should only set the QOP if it is configured to use native SASL
> encryption. (i.e. if dfs.encrypt.data.transfer is false)-
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
