[ https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458009#comment-13458009 ]
Eugene Koontz commented on GIRAPH-211: -------------------------------------- My apologies for the delay. I am in the final stages : getting it to compile on all supported Hadoop versions and fixing checkstyle errors. I have the SASL code implemented as a ChannelHandler as we discussed. Here's what the pipeline looks like on the client side, showing both authenticated and non-authenticated cases: {code:title=NettyClient.java} // Set up the pipeline factory. bootstrap.setPipelineFactory(new ChannelPipelineFactory() { @Override public ChannelPipeline getPipeline() throws Exception { if (conf.getBoolean(GiraphJob.AUTHENTICATE, GiraphJob.DEFAULT_AUTHENTICATE)) { LOG.info("Using Netty with authentication."); // Our pipeline starts with just byteCounter, and then we use // addAfter() to incrementally add pipeline elements, so that we can // name them for identification for removal or replacement after // client is authenticated by server. ChannelPipeline pipeline = Channels.pipeline( byteCounter); // After authentication finishes, the following is replaced with // FixedLengthFrameDecoder (as in non-auth pipeline below): pipeline.addLast("length-field-based-frame-decoder", new LengthFieldBasedFrameDecoder(1024, 0, 4, 0, 4)); pipeline.addLast("request-encoder", new RequestEncoder()); // After authentication finishes, the following is removed: pipeline.addLast("sasl-client-handler", new SaslClientHandler(conf)); pipeline.addLast("response-handler", new ResponseClientHandler(clientRequestIdRequestInfoMap, conf)); return pipeline; } else { LOG.info("Using Netty without authentication."); return Channels.pipeline( byteCounter, new FixedLengthFrameDecoder(RequestServerHandler.RESPONSE_BYTES), new RequestEncoder(), new ResponseClientHandler(clientRequestIdRequestInfoMap, conf)); } } }); {code} > Add secure authentication to Netty IPC > -------------------------------------- > > Key: GIRAPH-211 > URL: https://issues.apache.org/jira/browse/GIRAPH-211 > Project: Giraph > Issue Type: Improvement > Reporter: Eugene Koontz > Assignee: Eugene Koontz > Fix For: 0.2.0 > > Attachments: GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, > GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211-proposal.txt > > > Gianmarco De Francisci Morales asked on the user list: > bq. I am getting the exception in the subject when running my giraph program > bq. on a cluster with Kerberos authentication. > This leads to the idea of having Kerberos authentication supported within > GIRAPH. Hopefully it would use our fast GIRAPH-37 IPC, but could also > interoperate with Hadoop security. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira