You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Benoy Antony (JIRA)" <ji...@apache.org> on 2014/04/01 01:37:16 UTC

[jira] [Resolved] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)

     [ https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benoy Antony resolved HADOOP-9709.
----------------------------------

      Resolution: Duplicate
    Release Note: resolved via HDFS_5910 and HADOOP-10221

> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager )  to support multiple QOP (Authentication , Privacy) 
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9709
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9709
>             Project: Hadoop Common
>          Issue Type: New Feature
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Hadoop Servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different quality of protection at the same time. This will enable different clients to use different QOP.
> A simple usecase:
> Let each Hadoop server support two QOP .
> 1.  Authentication
> 2. Privacy (Privacy includes Authentication) . 
> The Hadoop servers and internal clients does Authentication without incurring cost of encryption. External clients use Privacy. 
> The hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
> As an enhancement , it is possible to add  a pluggable check (eg. IP whitelist) to identify internal and external clients. 
> The implementation is simple. 
> Each Hadoop server listens on multiple ports by configuration with different QOP. 
> For the usecase mentioned above, the servers - NameNode, DataNode, ResourceManager listen on two ports (much like 80(http) and 443(https)) for RPC and Streaming.  ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on client's config for client communication.
> The clients specify the port which they are supposed to connect to. Clients specify the rpc protection as well encryption policy for streaming layer.
> This is an umbrella jira . 
> I have divided this feature into multiple small tasks. I'll add testcases once the approach is reviewed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)