Posted to common-dev@hadoop.apache.org by "Benoy Antony (JIRA)" <ji...@apache.org> on 2014/04/01 01:37:16 UTC
[jira] [Resolved] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager) to support multiple QOP (Authentication, Privacy)
[ https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benoy Antony resolved HADOOP-9709.
----------------------------------
Resolution: Duplicate
Release Note: resolved via HDFS_5910 and HADOOP-10221
> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager) to support multiple QOP (Authentication, Privacy)
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9709
> URL: https://issues.apache.org/jira/browse/HADOOP-9709
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Benoy Antony
> Assignee: Benoy Antony
>
> Hadoop Servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different quality of protection at the same time. This will enable different clients to use different QOP.
> A simple use case:
> Let each Hadoop server support two QOP.
> 1. Authentication
> 2. Privacy (Privacy includes Authentication).
> The Hadoop servers and internal clients do Authentication without incurring the cost of encryption. External clients use Privacy.
> The Hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
> As an enhancement, it is possible to add a pluggable check (e.g. IP whitelist) to identify internal and external clients.
> The implementation is simple.
> Each Hadoop server listens on multiple ports by configuration with different QOP.
> For the use case mentioned above, the servers (NameNode, DataNode, ResourceManager) listen on two ports (much like 80 (http) and 443 (https)) for RPC and Streaming. ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on the client's config for client communication.
> The clients specify the port which they are supposed to connect to. Clients specify the rpc protection as well as the encryption policy for the streaming layer.
> This is an umbrella jira.
> I have divided this feature into multiple small tasks. I'll add test cases once the approach is reviewed.
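Added example, not part of the original message and not Hadoop code: a sketch of the per-port QOP selection combined with the IP-whitelist check that the issue description proposes. The port numbers, network ranges and function names are assumptions; the SASL QOP tokens are the standard ones that Hadoop's authentication, integrity and privacy protection levels map to.

```python
import ipaddress

# Hadoop protection levels and the SASL QOP tokens they correspond to.
SASL_QOP = {"authentication": "auth", "integrity": "auth-int", "privacy": "auth-conf"}

# Assumed listener layout: one port per protection level (constructed values).
LISTENERS = {8020: "authentication", 8021: "privacy"}

# Assumed internal networks, i.e. the "inside the firewall" whitelist.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]


def is_internal(client_ip):
    """True if the address falls inside a whitelisted internal network."""
    addr = ipaddress.ip_address(client_ip)  # raises ValueError on bad input
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack sockets match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETS if net.version == addr.version)


def negotiate(port, client_ip):
    """Return the SASL QOP to use on this connection, or None to refuse it."""
    protection = LISTENERS.get(port)
    if protection is None:
        return None  # no listener configured on this port
    try:
        internal = is_internal(client_ip)
    except ValueError:
        return None  # unparsable peer address: fail closed
    # External clients may only use the privacy listener; letting them onto
    # the authentication-only port would be a silent downgrade to cleartext.
    if protection != "privacy" and not internal:
        return None
    # Internal clients may use either port, since privacy includes authentication.
    return SASL_QOP[protection]
```

The check runs on the server side because the client picks the port: without it, an external client could opt out of encryption by connecting to the authentication-only listener.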