Posted to hdfs-dev@hadoop.apache.org by "Xiaoyu Yao (JIRA)" <ji...@apache.org> on 2018/01/24 23:55:02 UTC

[jira] [Created] (HDFS-13061) SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel

Xiaoyu Yao created HDFS-13061:
---------------------------------

             Summary: SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel
                 Key: HDFS-13061
                 URL: https://issues.apache.org/jira/browse/HDFS-13061
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: Xiaoyu Yao
            Assignee: Ajay Kumar


HDFS-5920 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true. 

SaslDataTransferClient#checkTrustAndSend asks the channel resolver whether the client and server addresses are trusted, respectively. It decides the channel is untrusted only if both client and server are not trusted to enforce encryption. *This ticket is opened to change it to not trust (and encrypt) if either client or server address is not trusted.*



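The difference between the two decision rules described in the ticket, as an added example that is not Hadoop source code and not part of the original message. The ChannelResolver interface, the allowlist resolver, the method names and the sample addresses are all hypothetical and constructed for illustration.

```java
import java.net.InetAddress;
import java.util.Set;

/** Added illustration; not Hadoop source. All names here are hypothetical. */
public class TrustDecisionDemo {

    /** Stand-in for a pluggable resolver: trusted means "in the allowlist". */
    interface ChannelResolver {
        boolean isTrusted(InetAddress addr);
    }

    /** Behaviour the ticket describes: encrypt only if BOTH ends are untrusted. */
    static boolean encryptBefore(ChannelResolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) && !r.isTrusted(server);
    }

    /** Behaviour the ticket requests: encrypt if EITHER end is untrusted. */
    static boolean encryptAfter(ChannelResolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) || !r.isTrusted(server);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample addresses; IP literals, so no DNS lookup happens.
        InetAddress inA = InetAddress.getByName("10.0.0.11");
        InetAddress inB = InetAddress.getByName("10.0.0.12");
        InetAddress outA = InetAddress.getByName("192.0.2.50");
        InetAddress outB = InetAddress.getByName("198.51.100.7");
        Set<InetAddress> allow = Set.of(inA, inB);
        ChannelResolver resolver = allow::contains;

        // All four trust combinations: both trusted, one side only, neither.
        InetAddress[][] pairs = { {inA, inB}, {inA, outA}, {outA, inB}, {outA, outB} };
        System.out.printf("%-14s %-14s %-8s %-8s%n", "client", "server", "before", "after");
        for (InetAddress[] p : pairs) {
            boolean before = encryptBefore(resolver, p[0], p[1]);
            boolean after = encryptAfter(resolver, p[0], p[1]);
            // Rows where the rules disagree are the partially trusted channels.
            String note = (before != after) ? "  <-- partially trusted" : "";
            System.out.printf("%-14s %-14s %-8s %-8s%s%n",
                    p[0].getHostAddress(), p[1].getHostAddress(),
                    before ? "encrypt" : "plain", after ? "encrypt" : "plain", note);
        }
    }
}
```

The two middle rows are the only ones where the rules disagree: with one trusted and one untrusted endpoint, the first rule sends data in the clear and the second encrypts.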