[ https://issues.apache.org/jira/browse/HADOOP-2184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546318 ]

Doug Cutting commented on HADOOP-2184:
--------------------------------------

> it will move some of the code, mainly writeHeader() in client and 
> processHeader() in Server.

Actually, I think we'll still need those.  The RPC layer will be versioned 
separately from each socket factory implementation, so the socketfactory will 
have its headers, and RPC will still have its headers.  So the additions to the 
header code will be removed when we move to socketfactories.

> All the socket factories need to support non-blocking accepts and Server.java 
> needs to handle non-blocking accepts.

I think the normal ServerSocketFactory API accommodates this.  A ServerSocket 
returned from the factory must implement getChannel(), returning a selectable 
ServerSocketChannel.  The ServerSocketChannel returned must implement accept(), 
returning a SocketChannel.  That SocketChannel's read() method should swallow 
the first bytes it sees as the header, throwing an IOException if the header 
is invalid.  So I don't think we should need to devise any new APIs here.

> This does not yet add any new functionality for 16.

I'm okay postponing socketfactories until 0.17.

> RPC Support for user permissions and authentication.
> ----------------------------------------------------
>
>                 Key: HADOOP-2184
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2184
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: ipc
>    Affects Versions: 0.15.0
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Raghu Angadi
>             Fix For: 0.16.0
>
>         Attachments: HADOOP-2184-demo.patch, HADOOP-2184-demo.patch, 
> HADOOP-2184-demo.patch, HADOOP-2184-demo.patch, HADOOP-2184-demo.patch
>
>
> Update 11/13/2007: What is proposed for 0.16.0 :
> The client can set a user ticket (as defined in HADOOP-1701) for each 
> connection and that ticket is made available to RPC calls at the server. The 
> client can replace the ticket at any time. The main advantage is that the rest 
> of the client RPCs don't need to be aware of the user tickets.
> What RPC would ideally support in future :
> In the current version of RPC, there is no authentication or data protection. 
> We propose to change the RPC framework, so that secure communication is 
> possible.
> The new RPC should:
> - Be compatible with current RPC
> - Allow pluggable security implementations (see HADOOP-1701)
> - Support both secure and non-secure modes.
> Here is a rough idea:
> - Store security information (e.g. username, keys) in a ticket
> - Use the ticket to establish a RPC connection
> - Create secure sockets by the (subclass of) SocketFactory corresponding to 
> the selected security implementations
> - Send the data and RPC parameters with the secure sockets
> When authentication is supported, the RPC callee should also initialize 
> caller information during RPC setup and execute the RPC on the caller's 
> behalf.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
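
Added example, not part of the original message and not Hadoop code: a sketch of the read() behaviour described in the comment above, where the first bytes are consumed as a header and an IOException is thrown if they are invalid, including the case where a non-blocking read delivers the header in pieces. The class name HeaderCheckingChannel and the header layout (4 magic bytes plus 1 version byte) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;

public class HeaderCheckingChannel implements ReadableByteChannel {
    // Hypothetical header: 4 magic bytes plus 1 version byte (not Hadoop's real format).
    static final byte[] MAGIC = {'d', 'e', 'm', 'o'};
    static final byte VERSION = 1;
    private final ReadableByteChannel inner;
    // Sized to the header exactly, so payload bytes can never be read into it.
    private final ByteBuffer header = ByteBuffer.allocate(MAGIC.length + 1);
    private boolean verified = false;

    public HeaderCheckingChannel(ReadableByteChannel inner) { this.inner = inner; }

    @Override
    public int read(ByteBuffer dst) throws IOException {
        if (!verified) {
            // A non-blocking read may return only part of the header; keep what arrived.
            int n = inner.read(header);
            if (n < 0) throw new IOException("connection closed before header was complete");
            checkPrefix();
            if (header.hasRemaining()) return 0;   // header incomplete, no payload yet
            verified = true;
        }
        return inner.read(dst);                     // header accepted: pass payload through
    }

    // Fail closed as soon as any received header byte differs from the expected value.
    private void checkPrefix() throws IOException {
        for (int i = 0; i < header.position(); i++) {
            byte expected = i < MAGIC.length ? MAGIC[i] : VERSION;
            if (header.get(i) != expected) {
                inner.close();
                throw new IOException("invalid connection header at byte " + i);
            }
        }
    }

    @Override public boolean isOpen() { return inner.isOpen(); }
    @Override public void close() throws IOException { inner.close(); }

    public static void main(String[] args) throws IOException {
        byte[] wire = {'d', 'e', 'm', 'o', 1, 'h', 'i'};   // constructed sample: header + payload
        ReadableByteChannel ch = new HeaderCheckingChannel(Channels.newChannel(new ByteArrayInputStream(wire)));
        ByteBuffer dst = ByteBuffer.allocate(16);
        while (ch.read(dst) >= 0) { }                       // drain until end of stream
        System.out.println(new String(dst.array(), 0, dst.position()));
    }
}
```

The wrapper hands no payload bytes to the caller until the whole header has been checked, and it closes the underlying channel on the first mismatching byte.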
