[jira] [Resolved] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)

[Benoy Antony (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Benoy Antony resolved HADOOP-9709.
----------------------------------

      Resolution: Duplicate
    Release Note: resolved via HDFS_5910 and HADOOP-10221

> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager )  to 
> support multiple QOP (Authentication , Privacy) 
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9709
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9709
>             Project: Hadoop Common
>          Issue Type: New Feature
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Hadoop Servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different quality of protection at the same 
> time. This will enable different clients to use different QOP.
> A simple usecase:
> Let each Hadoop server support two QOP .
> 1.  Authentication
> 2. Privacy (Privacy includes Authentication) . 
> The Hadoop servers and internal clients does Authentication without incurring 
> cost of encryption. External clients use Privacy. 
> The hadoop servers and internal clients are inside the firewall. External 
> clients are outside the firewall.
> As an enhancement , it is possible to add  a pluggable check (eg. IP 
> whitelist) to identify internal and external clients. 
> The implementation is simple. 
> Each Hadoop server listens on multiple ports by configuration with different 
> QOP. 
> For the usecase mentioned above, the servers - NameNode, DataNode, 
> ResourceManager listen on two ports (much like 80(http) and 443(https)) for 
> RPC and Streaming.  ApplicationMaster uses a range of ports for privacy and 
> non-privacy and picks up a port and QOP based on client's config for client 
> communication.
> The clients specify the port which they are supposed to connect to. Clients 
> specify the rpc protection as well encryption policy for streaming layer.
> This is an umbrella jira . 
> I have divided this feature into multiple small tasks. I'll add testcases 
> once the approach is reviewed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)