[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13658221#comment-13658221 ]

Kai Zheng commented on HADOOP-9421:
---

Luke, good point. It’s great to resolve this issue if “we have a mechanism to evolve SASL mechanisms/protocols negotiation without breaking general RPC backward compatibility” with the RPC cleanup. With this support, new authentication mechanisms can continue to be implemented in the current way, as Daryn might be doing. And based on the mentioned mechanism, hopefully an opaque token can also be employed or at least supported without breaking RPC backward compatibility, as this JIRA desires. Such an opaque token is needed by token authentication and single sign-on in (HADOOP-9392), where a new authentication mechanism can be implemented and plugged in via the token without having to change this RPC work again.

So my questions would be:

1. Do we have any limit for the optional token field and what properties it must be of? Variable of bytes would be great;
2. Do we have a flag field or something like that to mark the token type on the client side, so that the server side can interpret the token according to the type?
3. Hopefully we can add a token authentication handler with relevant callbacks in an elegant way.

Thanks for your consideration.

Generalize SASL Support with Protocol Buffer
Key: HADOOP-9421
URL: https://issues.apache.org/jira/browse/HADOOP-9421
Project: Hadoop Common
Issue Type: Sub-task
Affects Versions: 2.0.3-alpha
Reporter: Sanjay Radia
Assignee: Junping Du
Attachments: HADOOP-9421.patch

--
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13658842#comment-13658842 ]

Sanjay Radia commented on HADOOP-9421:
--

bq. Looks like we need to limit the scope of this jira, which is a subtask of the RPC cleanup

Luke, part of the problem is that the title of the Jira suggests that the scope is wide. Please change the title to "Convert SASL to use ProtoBuf and add lengths for non-blocking processing". I agree that we should limit the scope. I would have been happy to just add the length to the reply.
[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13655309#comment-13655309 ]

Larry McCay commented on HADOOP-9421:
-

I have attached an overview document for HSSO service use to the https://issues.apache.org/jira/browse/HADOOP-9533 Jira. I briefly speak about an IDP discovery endpoint as a protocol for determining the trusted authentication provider for a given cluster. I think that we need to rationalize the advertisement and discovery of SASL authentication mechanisms with this IDP Discovery endpoint. Do we need to converge them into a single protocol that can be leveraged by both RPC/SASL and REST clients? Maybe we just need to have them be semantically aligned? I am interested in your thoughts there.
[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13655459#comment-13655459 ]

Luke Lu commented on HADOOP-9421:
-

Looks like we need to limit the scope of this jira, which is a subtask of the RPC cleanup, as Sanjay, who owns the parent JIRA, told me via email that they would like to start a scale test with the new RPC v9 ASAP. I think that as long as we have a mechanism to evolve SASL mechanisms/protocols negotiation without breaking general RPC backward compatibility, we can finish the generic SASL support in a separate JIRA, say the original HADOOP-9034.

My proposal for this JIRA would be:

* Remove the AuthMethod byte (which will be covered by the SaslRequestProto later)
* Add SaslRequestProto (with a required version field and an optional token field) and SaslResponseProto (optional status, token, error fields).
* Prefix Sasl*Proto with int32 like the rest of the RPC.

Thoughts?
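
The int32 length prefix proposed in the comment above, which is also what allows the non-blocking processing Sanjay mentions elsewhere in the thread, can be handled as in this added example; it is not code from the HADOOP-9421 patch or from Hadoop. It assumes a 4-byte big-endian signed length, an arbitrary 64 KiB cap, and opaque bytes standing in for serialized Sasl*Proto messages; `FrameDecoder`, `encode_frame` and `MAX_FRAME` are hypothetical names.

```python
import struct

MAX_FRAME = 64 * 1024  # assumed cap; the thread does not state a limit


class FrameError(Exception):
    """Raised when a length prefix is negative or exceeds the cap."""


class FrameDecoder:
    """Incrementally splits a byte stream into int32-length-prefixed frames."""

    def __init__(self, max_frame=MAX_FRAME):
        self.max_frame = max_frame
        self.buf = bytearray()

    def feed(self, data):
        """Add bytes from one non-blocking read; return all complete frames."""
        self.buf += data
        frames = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack_from(">i", self.buf, 0)
            # Reject before waiting for the body: SASL frames arrive from a
            # peer that is not authenticated yet, so the length is untrusted.
            if length < 0 or length > self.max_frame:
                raise FrameError(f"bad frame length {length}")
            if len(self.buf) < 4 + length:
                break  # body incomplete, wait for the next read
            frames.append(bytes(self.buf[4:4 + length]))
            del self.buf[:4 + length]
        return frames


def encode_frame(payload):
    """Prefix an already-serialized message with its signed int32 length."""
    return struct.pack(">i", len(payload)) + payload


def demo():
    # Constructed payloads standing in for serialized Sasl*Proto messages.
    stream = (encode_frame(b"sasl-request-1") + encode_frame(b"")
              + encode_frame(b"sasl-request-2"))
    dec = FrameDecoder()
    out = []
    # Deliver the stream in 5-byte chunks to mimic partial socket reads.
    for i in range(0, len(stream), 5):
        out.extend(dec.feed(stream[i:i + 5]))
    return out
```

A caller that catches `FrameError` should close the connection, since the stream can no longer be re-synchronized.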
[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13649084#comment-13649084 ]

Larry McCay commented on HADOOP-9421:
-

Hi Daryn - I'm interested where you stand with this prototype. I am about to document what we have in mind for REST client IDP discovery. I think that we need to rationalize these approaches in some way, though I'm not entirely sure that we can. At the very least, the discovery protocols should parallel each other. I will add a document to HADOOP-9533 to briefly describe the discovery protocol as well as the interaction with IDPs, HSSO and the resulting tokens. Obviously, the tokens will need to be rationalized with what is being done for HADOOP-9392.
[jira] [Commented] (HADOOP-9421) Generalize SASL Support with Protocol Buffer
[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13643267#comment-13643267 ]

Daryn Sharp commented on HADOOP-9421:
-

With the SASL PLAIN work almost done, I'll prototype this up real soon now.