[ https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Yu updated HBASE-17860: --------------------------- Attachment: 17860.v3.txt Patch v3 removes hardcoding of KERBEROS_AUTH_TYPE by passing Conf to RpcSerde. > Implement secure native client connection > ----------------------------------------- > > Key: HBASE-17860 > URL: https://issues.apache.org/jira/browse/HBASE-17860 > Project: HBase > Issue Type: Sub-task > Reporter: Ted Yu > Assignee: Ted Yu > Priority: Critical > Attachments: 17860.v2.txt, 17860.v3.txt > > > So far, the native client communicates with insecure cluster. > This JIRA is to add secure connection support for native client using Cyrus > library. > The work is based on earlier implementation and is redone via wangle and > folly frameworks. > Thanks to [~devaraj] who started the initiative. > Here is high level description of the design: > * SaslHandler is declared as: > {code} > class SaslHandler > : public wangle::HandlerAdapter<folly::IOBufQueue&, > std::unique_ptr<folly::IOBuf>>{ > {code} > It would be inserted between EventBaseHandler and > LengthFieldBasedFrameDecoder in the pipeline (via > ConnectionFactory::Connect()) > * SaslHandler would intercept writes to server by buffering the IOBuf's and > start the handshake process (via sasl_client_XX calls provided by Cyrus) > * after handshake is complete, SaslHandler would send the buffered IOBuf's to > server and act as pass-thru from then on -- This message was sent by Atlassian JIRA (v6.3.15#6346)