[jira] [Commented] (GIRAPH-211) Add secure authentication to Netty IPC

Tue, 14 Aug 2012 01:23:42 -0700 

    [ 
https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13433994#comment-13433994
 ] 

Avery Ching commented on GIRAPH-211:
------------------------------------

Eugene, this is a nice start!  A few comments/questions about the limitations:

>-Authorization is not done: that is, clients are authenticated but there are 
>no restrictions on their ability to do RPC on the servers.

Can't we block until the authentication is done?

>-Clients should wait for authentication before trying to do RPC - once 
>authorization (see above) is done, they might encounter a race where they try 
>to do RPCs without yet being authenticated.

Same question as above?

>-Not tested on other than hadoop 2.0.1-SNAPSHOT

Would probably be nice to try on a hadoop 1.0.x if you have a chance.

>-Only works if we disable client-side channel-pooling (GIRAPH-289) and local 
>short-circuiting of RPCs (GIRAPH-262) - these should be configurable but 
>currently, I hard-wired both to be disabled.

I think it's reasonable to allow short-circuiting since there isn't a security 
issue here (this is the same process).  As for channel pooling, can we simply 
authenticate once per channel?
                
> Add secure authentication to Netty IPC
> --------------------------------------
>
>                 Key: GIRAPH-211
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-211
>             Project: Giraph
>          Issue Type: Improvement
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>             Fix For: 0.2.0
>
>         Attachments: GIRAPH-211.patch, GIRAPH-211-proposal.txt
>
>
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within 
> GIRAPH. Hopefully it would use our fast GIRAPH-37 IPC, but could also 
> interoperate with Hadoop security.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to