[ https://issues.apache.org/jira/browse/HADOOP-10211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth updated HADOOP-10211: ----------------------------------- Release Note: The hadoop.rpc.protection configuration property previously supported specifying a single value: one of authentication, integrity or privacy. An unrecognized value was silently assumed to mean authentication. This configuration property now accepts a comma-separated list of any of the 3 values, and urecognized values are rejected with an error. Existing configurations containing an invalid value must be corrected. I'm adding a release note to indicate the potential impact on existing deployments that are misconfigured. > Enable RPC protocol to negotiate SASL-QOP values between clients and servers > ---------------------------------------------------------------------------- > > Key: HADOOP-10211 > URL: https://issues.apache.org/jira/browse/HADOOP-10211 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.2.0 > Reporter: Benoy Antony > Assignee: Benoy Antony > Fix For: 3.0.0, 2.4.0 > > Attachments: HADOOP-10211.patch, HADOOP-10211.patch, > HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch, > HADOOP-10221.sample > > > SASL allows different types of protection are referred to as the quality of > protection (qop). It is negotiated between the client and server during the > authentication phase of the SASL exchange. Currently hadoop allows specifying > a single QOP value via _hadoop.rpc.protection_. > The enhancement enables a user to specify multiple QOP values - > _authentication_, _integrity_, _privacy_ as a comma separated list via > _hadoop.rpc.protection_ > The client and server can have different set of values for > _hadoop.rpc.protection_ and they will negotiate to determine the QOP to be > used for communication. -- This message was sent by Atlassian JIRA (v6.2#6252)