[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13639746#comment-13639746 ]
Daryn Sharp commented on HADOOP-9421:
-------------------------------------
My prior comment was about not using sasl-next, but considering your proposal
that the client suggests a mechanism, and the server can return all supported
mechanisms to let the client choose. I was trying to point out I don't think
the client can make an intelligent discussion about a mechanism, so it might as
well let the server tell it the mechanisms since a roundtrip is involved anyway
to start the negotiation (server has to agree or send a list of what it
supports).

Although I was planning to drop the "sasl-next" approach, I started trying to
write some pseudo-code for your proposal and found it harder. Depending on the
complexity differences, we may need to decide if saving 1 or 2 RPCs during job
submission is worth it.

For illustration, here's what I started documenting after my initial proposal.
I'll work on yours tomorrow morning.

Client:
{code}
saslClient = null
sendRpc [ connection-header: … ]
while (rpc = readRpc()) {
  switch (rpc) {
    case [ sasl-ok ]
      return true
    case [ sasl-error: message ]
      throw rpc.message
    case [ sasl-start: mech, proto, serverId ]
      saslClient = createSaslClient(rpc.mech, rpc.proto, rpc.serverId)
      if (saslClient == null) {
        sendRpc [ sasl-next ]
      } else {
        sendRpc [ sasl-response: saslClient.evaluateChallenge() ]
      }
    case [ sasl-challenge: challenge ]
      sendRpc [ sasl-response: saslClient.evaluateChallenge(rpc.challenge) ]
  }
}
{code}

Server:
{code}
saslServer = null
while (rpc = readRpc()) {
  switch (rpc) {
    case [ connection-header: … ]
      processHeader(rpc)
    case [ sasl-next ]
      // client rejected the offered mechanism
      saslServer = null
    case [ sasl-response: response ]
      if (saslServer == null) {
        saslServer = createSaslServer(saslAuth.mech, saslAuth.proto, saslAuth.serverId)
      }
      nextChallenge = saslServer.evaluateResponse(rpc.response)
      switch (saslServer.state) {
        case ERROR:
          sendRpc [ sasl-error: saslServer.error ]
          return false
        case DONE:
          sendRpc [ sasl-ok ]
          return true
        case INPROGRESS:
          sendRpc [ sasl-challenge: nextChallenge ]
      }
  }
  // no exchange in progress: offer the next mechanism, or fail if none are left
  if (saslServer == null) {
    saslAuth = nextSaslAuth()
    if (saslAuth == null) {
      sendRpc [ sasl-error: "failed to login" ]
      return false
    }
    sendRpc [ sasl-start: saslAuth.mech, saslAuth.proto, saslAuth.serverId ]
  }
}
{code}

> Add full length to SASL response to allow non-blocking readers
> --------------------------------------------------------------
>
> Key: HADOOP-9421
> URL: https://issues.apache.org/jira/browse/HADOOP-9421
> Project: Hadoop Common
> Issue Type: Sub-task
> Affects Versions: 2.0.3-alpha
> Reporter: Sanjay Radia
> Assignee: Junping Du
> Attachments: HADOOP-9421.patch
>
>
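
The server-driven `sasl-start` / `sasl-next` flow from the pseudocode above, as a runnable two-sided simulation added here for illustration (not code from the JIRA comment or from Hadoop). The mechanism names, their step counts, the "unexpected response" guard and the `negotiate` helper are constructed assumptions; the transcript shows how many round trips each rejected offer costs.

```python
# Constructed toy mechanisms: name -> client responses needed before DONE (no real SASL or crypto).
STEPS = {"MECH-A": 2, "MECH-B": 1, "MECH-C": 1}

def server(offers):
    """Server loop as a coroutine: send() it an RPC, receive its reply."""
    offers, auth, remaining = iter(offers), None, None  # remaining None == saslServer null
    rpc = yield
    while True:
        if rpc[0] == "sasl-next":
            remaining = None
        elif rpc[0] == "sasl-response":
            if auth is None:                 # response before any sasl-start (added guard)
                yield ("sasl-error", "unexpected response")
                return
            if remaining is None:
                remaining = STEPS[auth]      # createSaslServer(...)
            remaining -= 1
            if remaining == 0:               # state DONE
                yield ("sasl-ok",)
                return
            rpc = yield ("sasl-challenge", remaining)  # state INPROGRESS
            continue
        auth = next(offers, None)            # saslServer is null: nextSaslAuth()
        if auth is None:
            yield ("sasl-error", "failed to login")
            return
        rpc = yield ("sasl-start", auth)

def negotiate(server_offers, client_supports):
    """Client loop; returns (ok, mechanism, transcript of (side, rpc))."""
    srv, transcript, mech = server(server_offers), [], None
    next(srv)                                # prime the coroutine
    def send(rpc):
        reply = srv.send(rpc)
        transcript.extend([("C", rpc), ("S", reply)])
        return reply
    rpc = send(("connection-header",))
    while True:
        if rpc[0] == "sasl-ok":
            return True, mech, transcript
        if rpc[0] == "sasl-error":
            return False, None, transcript
        if rpc[0] == "sasl-start":           # createSaslClient(...) or sasl-next
            mech = rpc[1] if rpc[1] in client_supports else None
            rpc = send(("sasl-response", "initial") if mech else ("sasl-next",))
        else:                                # sasl-challenge
            rpc = send(("sasl-response", "step"))
```

Calling `negotiate(["MECH-A", "MECH-B", "MECH-C"], {"MECH-C"})` succeeds after four round trips, two of them spent on `sasl-next`; half the transcript length is the round-trip count.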