Dan Burkert has posted comments on this change.

Change subject: WIP: rpc: Initiate TLS connection upgrade following SASL negotiation

Patch Set 1:

I'm in the process of writing up the design in the auth design guide: https://docs.google.com/document/d/1Yu4iuIhaERwug1vS95yWDd_WzrNRIKvvVGUb31y-_mY/edit#.

The fallout is that, with some refactoring, I think we can do essentially what this patch is doing, but initiate TLS right after the NEGOTIATE step and before SASL INITIATE. This gives us the best of both worlds, in a sense. No need to tunnel the TLS handshake through PB messages, but the SASL negotiation is wrapped in TLS.

I'm going to start prototyping this now. Comments welcome on the doc. I'll most likely be closing this gerrit or completely rewriting it.

--
To view, visit http://gerrit.cloudera.org:8080/5484

Gerrit-MessageType: comment
Gerrit-Change-Id: If44a71186eb2cdeebaf46cc372596f3ee6b47ac0
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: No
