[
https://issues.apache.org/jira/browse/SPARK-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14372379#comment-14372379
]
Marcelo Vanzin commented on SPARK-6229:
---------------------------------------
But I do mean "internal Spark users" when I mention users. Basically I'm not
too fond of requiring all the different Spark components to have to understand
the network library's configuration when setting up the connection. That
approach has a much wider area of exposure for bugs.
Imagine having every place where a client or server is instantiated have code
like this, which is kinda what happens today:
{code}
if (conf.isAuthEnabled()) {
transport.addHandler(new SaslHandler())
}
if (conf.isSslEnabled()) {
transport.addHandler(new SslHandler())
} else if (conf.isSaslEncryptionEnabled()) {
transport.addHandler(new SaslEncryptionHandler())
}
{code}
You'll end up, at some point, just refactoring all this into a library. At that
point, why not just do that in the network library itself? it already has all
the infrastructure to deal with the different configuration sources used in
Spark.
> Support SASL encryption in network/common module
> ------------------------------------------------
>
> Key: SPARK-6229
> URL: https://issues.apache.org/jira/browse/SPARK-6229
> Project: Spark
> Issue Type: Sub-task
> Components: Spark Core
> Reporter: Marcelo Vanzin
>
> After SASL support has been added to network/common, supporting encryption
> should be rather simple. Encryption is supported for DIGEST-MD5 and GSSAPI.
> Since the latter requires a valid kerberos login to work (and so doesn't
> really work with executors), encryption would require the use of DIGEST-MD5.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
