[jira] [Commented] (HDFS-7073) Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.

Fri, 19 Sep 2014 12:25:56 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-7073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14141133#comment-14141133
 ] 

Chris Nauroth commented on HDFS-7073:
-------------------------------------

Well, all the things broke in that test run.  :-)  This is clearly a pre-commit 
build problem.  The failures are caused by {{NoSuchMethodError}}.  I'm starting 
to think that pre-commit builds are colliding with each other on the Jenkins 
host's local Maven repository.  If you have a hadoop-hdfs change dependent on a 
hadoop-common change, then I suspect there is a race condition that can cause 
your build to pull a hadoop-common.jar that was built for some other patch.  
I've triggered a fresh build.

> Allow falling back to a non-SASL connection on DataTransferProtocol in 
> several edge cases.
> ------------------------------------------------------------------------------------------
>
>                 Key: HDFS-7073
>                 URL: https://issues.apache.org/jira/browse/HDFS-7073
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, hdfs-client, security
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-7073.1.patch, HDFS-7073.2.patch, HDFS-7073.3.patch
>
>
> HDFS-2856 implemented general SASL support on DataTransferProtocol.  Part of 
> that work also included a fallback mode in case the remote cluster is running 
> under a different configuration without SASL.  I've discovered a few edge 
> case configurations that this did not support:
> * Cluster is unsecured, but has block access tokens enabled.  This is not 
> something I've seen done in practice, but I've heard historically it has been 
> allowed.  The HDFS-2856 code relied on seeing an empty block access token to 
> trigger fallback, and this doesn't work if the unsecured cluster actually is 
> using block access tokens.
> * The DataNode has an unpublicized testing configuration property that could 
> be used to skip the privileged port check.  However, the HDFS-2856 code is 
> still enforcing requirement of SASL when the ports are not privileged, so 
> this would force existing configurations to make changes to activate SASL.
> This patch will restore the old behavior so that these edge case 
> configurations will continue to work the same way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to