[ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14039649#comment-14039649 ]
Hadoop QA commented on HDFS-2856: --------------------------------- {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12651766/HDFS-2856.3.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 5 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/7196//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7196//console This message is automatically generated. > Fix block protocol so that Datanodes don't require root or jsvc > --------------------------------------------------------------- > > Key: HDFS-2856 > URL: https://issues.apache.org/jira/browse/HDFS-2856 > Project: Hadoop HDFS > Issue Type: Improvement > Components: datanode, security > Affects Versions: 3.0.0, 2.4.0 > Reporter: Owen O'Malley > Assignee: Chris Nauroth > Attachments: Datanode-Security-Design.pdf, > Datanode-Security-Design.pdf, Datanode-Security-Design.pdf, > HDFS-2856.1.patch, HDFS-2856.2.patch, HDFS-2856.3.patch, > HDFS-2856.prototype.patch > > > Since we send the block tokens unencrypted to the datanode, we currently > start the datanode as root using jsvc and get a secure (< 1024) port. > If we have the datanode generate a nonce and send it on the connection and > the sends an hmac of the nonce back instead of the block token it won't > reveal any secrets. Thus, we wouldn't require a secure port and would not > require root or jsvc. -- This message was sent by Atlassian JIRA (v6.2#6252)