[
https://issues.apache.org/jira/browse/SPARK-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14377102#comment-14377102
]
Marcelo Vanzin commented on SPARK-6229:
---------------------------------------
Hi, me again. So I finally got back to actually playing with the code today,
and I was trying out what it would take to implement my suggestion. While I
think it's worthwhile to abstract as much set up as possible behind the library
code, that change in itself is becoming too large and kinda taking away from
the focus of the change (adding encryption). So at this point I think it would
be easier to go with something smaller that, while not optimal in my view, at
least is more targeted, and we can do cleanup, if desired, separately.
So my current plan is to go with something not entirely unlike what Aaron is
saying.
* On the client side, TransportClientBootstrap would expose the channel to the
bootstrap implementation, so that the SASL bootstrap can, after negotiation,
insert itself into the pipeline to perform encryption.
* On the server side, I'll probably need to build something similar to
TransportClientBootstrap. I haven't really looked at what the code would look
like, but this will most probably require changes to all call sites that use
SaslRpcHandler at the moment.
So hopefully this will be a much smaller change that is also easier to review.
> Support SASL encryption in network/common module
> ------------------------------------------------
>
> Key: SPARK-6229
> URL: https://issues.apache.org/jira/browse/SPARK-6229
> Project: Spark
> Issue Type: Sub-task
> Components: Spark Core
> Reporter: Marcelo Vanzin
>
> After SASL support has been added to network/common, supporting encryption
> should be rather simple. Encryption is supported for DIGEST-MD5 and GSSAPI.
> Since the latter requires a valid kerberos login to work (and so doesn't
> really work with executors), encryption would require the use of DIGEST-MD5.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
