You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Xiaoyu Yao (JIRA)" <ji...@apache.org> on 2018/01/24 23:55:02 UTC
[jira] [Created] (HDFS-13061)
SaslDataTransferClient#checkTrustAndSend should not trust a partially
trusted channel
Xiaoyu Yao created HDFS-13061:
---------------------------------
Summary: SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel
Key: HDFS-13061
URL: https://issues.apache.org/jira/browse/HDFS-13061
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Xiaoyu Yao
Assignee: Ajay Kumar
HDFS-5920 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true.
SaslDataTransferClient#checkTrustAndSend ask the channel resolve whether the client and server address are trusted, respectively. It decides the channel is untrusted only if both client and server are not trusted to enforce encryption. *This ticket is opened to change it to not trust (and encrypt) if either client or server address are not trusted.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org