[ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14046201#comment-14046201 ]

Jitendra Nath Pandey commented on HDFS-2856:
--------------------------------------------

- For the specialized encrypted handshake, it seems the encrypted key is 
obtained from the namenode via RPC for every block. That makes it now two RPC 
calls to the namenode for every new block to write. For a given file, the key 
should be the same and could be obtained only once?
- getEncryptedStreams doesn't use the access token. IMO the user and the 
password should be derived from the access token rather than the key.
- It might make sense to define the defaults for the new configuration 
variables in hdfs-default and/or as constants. It helps in code reading at 
times.
- Log.debug should be wrapped inside an if (Log.isDebugEnabled()) condition.
- checkTrustAndSend obtains a new encryption key, irrespective of the QOP needed. 
I believe the encryption key is needed only for the specialized encryption case. 
- The SaslDataTransferClient object in NameNodeConnector.java seems out of place; 
the NameNodeConnector is supposed to encapsulate only namenode connections. Can 
we avoid the saslClient in this class?
- RemotePeerFactory.java: Javadoc needs update. 
- Minor nit: checkTrustAndSend returns null for skipping handshake which has to 
be checked in the caller. It could just return the same stream pair, which 
otherwise every caller has to do.


> Fix block protocol so that Datanodes don't require root or jsvc
> ---------------------------------------------------------------
>
>                 Key: HDFS-2856
>                 URL: https://issues.apache.org/jira/browse/HDFS-2856
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: datanode, security
>    Affects Versions: 3.0.0, 2.4.0
>            Reporter: Owen O'Malley
>            Assignee: Chris Nauroth
>         Attachments: Datanode-Security-Design.pdf, 
> Datanode-Security-Design.pdf, Datanode-Security-Design.pdf, 
> HDFS-2856-Test-Plan-1.pdf, HDFS-2856.1.patch, HDFS-2856.2.patch, 
> HDFS-2856.3.patch, HDFS-2856.4.patch, HDFS-2856.5.patch, 
> HDFS-2856.prototype.patch
>
>
> Since we send the block tokens unencrypted to the datanode, we currently 
> start the datanode as root using jsvc and get a secure (< 1024) port.
> If we have the datanode generate a nonce and send it on the connection, and 
> the client sends an HMAC of the nonce back instead of the block token, it 
> won't reveal any secrets. Thus, we wouldn't require a secure port and would 
> not require root or jsvc.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
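The nonce-and-HMAC exchange described in the quoted issue text, as an added illustration that is not code from Hadoop or from this issue's patches; the shared secret, the HMAC-SHA256 choice and the function names are assumptions made here. It also shows why a fresh nonce per connection matters: a response captured from one connection does not verify on the next.

```python
import hashlib
import hmac
import os

# Constructed secret standing in for the block-token secret that the client
# and the datanode both hold; not a Hadoop value.
BLOCK_KEY = b"constructed-block-token-secret"


def datanode_challenge() -> bytes:
    """Datanode side: a fresh random nonce for this connection."""
    return os.urandom(16)


def client_response(key: bytes, nonce: bytes) -> bytes:
    """Client side: an HMAC over the nonce proves knowledge of the key
    without putting the token itself on the wire."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def datanode_verify(key: bytes, nonce: bytes, response: bytes) -> bool:
    """Datanode side: recompute the HMAC and compare in constant time."""
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def handshake(client_key: bytes, datanode_key: bytes) -> bool:
    """One full exchange: challenge, response, verification."""
    nonce = datanode_challenge()
    response = client_response(client_key, nonce)
    return datanode_verify(datanode_key, nonce, response)


def replayed_response_rejected(key: bytes) -> bool:
    """A response captured on one connection fails on a later one, because
    the datanode issues a new nonce for every connection."""
    old_nonce = datanode_challenge()
    captured = client_response(key, old_nonce)
    new_nonce = datanode_challenge()
    return not datanode_verify(key, new_nonce, captured)
```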