[ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683896#comment-13683896 ]
Daryn Sharp commented on HADOOP-9421: ------------------------------------- Given today's network speeds, I'm not going to fret over a handful of bytes that greatly enhance the design of the authentication layer. I did extensive testing with a more advanced follow on patch that instantiates the SASL client upon receipt of the NEGOTIATE. That patch resulted in an average 1% penalty and a median 2% penalty to the first RPC call using kerberos authentication - which translates to less than 10ms. That held true while issuing concurrent calls up until the number of socket readers. Once the number of socket readers is exceeded, performance drops off so sharply that any penalty is lost in the statistical noise. Assuming the penalty is entirely due to the additional NEGOTIATE response, I can likely erase it by removing the unnecessary connection context. We're passing null for the SASL authz user when it could be the effective user. SIMPLE is the only "auth" that actually requires the context context, but that could be a special case (as it already is in many ways) or could be replaced with SASL PLAIN which simply sends the effective and real user separated by null bytes. Note this patch does have a minor issue with kerberos where the client is confused about the state of negotiation after it completes. > Convert SASL to use ProtoBuf and add lengths for non-blocking processing > ------------------------------------------------------------------------ > > Key: HADOOP-9421 > URL: https://issues.apache.org/jira/browse/HADOOP-9421 > Project: Hadoop Common > Issue Type: Sub-task > Affects Versions: 2.0.3-alpha > Reporter: Sanjay Radia > Assignee: Daryn Sharp > Attachments: HADOOP-9421.patch, HADOOP-9421.patch, HADOOP-9421.patch, > HADOOP-9421.patch, HADOOP-9421-v2-demo.patch > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira