[
https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ted Yu updated HBASE-17860:
---------------------------
Attachment: 17860.v3.txt
Patch v3 removes hardcoding of KERBEROS_AUTH_TYPE by passing Conf to RpcSerde.
> Implement secure native client connection
> -----------------------------------------
>
> Key: HBASE-17860
> URL: https://issues.apache.org/jira/browse/HBASE-17860
> Project: HBase
> Issue Type: Sub-task
> Reporter: Ted Yu
> Assignee: Ted Yu
> Priority: Critical
> Attachments: 17860.v2.txt, 17860.v3.txt
>
>
> So far, the native client communicates with insecure cluster.
> This JIRA is to add secure connection support for native client using Cyrus
> library.
> The work is based on earlier implementation and is redone via wangle and
> folly frameworks.
> Thanks to [~devaraj] who started the initiative.
> Here is high level description of the design:
> * SaslHandler is declared as:
> {code}
> class SaslHandler
> : public wangle::HandlerAdapter<folly::IOBufQueue&,
> std::unique_ptr<folly::IOBuf>>{
> {code}
> It would be inserted between EventBaseHandler and
> LengthFieldBasedFrameDecoder in the pipeline (via
> ConnectionFactory::Connect())
> * SaslHandler would intercept writes to server by buffering the IOBuf's and
> start the handshake process (via sasl_client_XX calls provided by Cyrus)
> * after handshake is complete, SaslHandler would send the buffered IOBuf's to
> server and act as pass-thru from then on
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
