[
https://issues.apache.org/jira/browse/HADOOP-10211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HADOOP-10211:
-----------------------------------
Release Note: The hadoop.rpc.protection configuration property previously
supported specifying a single value: one of authentication, integrity or
privacy. An unrecognized value was silently assumed to mean authentication.
This configuration property now accepts a comma-separated list of any of the 3
values, and urecognized values are rejected with an error. Existing
configurations containing an invalid value must be corrected.
I'm adding a release note to indicate the potential impact on existing
deployments that are misconfigured.
> Enable RPC protocol to negotiate SASL-QOP values between clients and servers
> ----------------------------------------------------------------------------
>
> Key: HADOOP-10211
> URL: https://issues.apache.org/jira/browse/HADOOP-10211
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.2.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Fix For: 3.0.0, 2.4.0
>
> Attachments: HADOOP-10211.patch, HADOOP-10211.patch,
> HADOOP-10211.patch, HADOOP-10211.patch, HADOOP-10211.patch,
> HADOOP-10221.sample
>
>
> SASL allows different types of protection are referred to as the quality of
> protection (qop). It is negotiated between the client and server during the
> authentication phase of the SASL exchange. Currently hadoop allows specifying
> a single QOP value via _hadoop.rpc.protection_.
> The enhancement enables a user to specify multiple QOP values -
> _authentication_, _integrity_, _privacy_ as a comma separated list via
> _hadoop.rpc.protection_
> The client and server can have different set of values for
> _hadoop.rpc.protection_ and they will negotiate to determine the QOP to be
> used for communication.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
