[ https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866762#action_12866762 ]
Jakob Homan commented on HDFS-1150: ----------------------------------- The issue occurs when a client reads or writes blocks to a dn (and along the pipeline during writing). While the datanode is able to use the block access token to verify that the client has permission to do so, the client has no way of verifying that it's talking to a genuine datanode, rather than an imposter process that has come up on the datanode's port (say, after the datanode has crashed). To correct this, rather than change the DataTransferProtocol, and potentially introduce bugs into the write pipeline, we're looking at using the common's jsvc/daemon library to start a secure datanode as root, grab the necessary resources (eg privileged ports) and then drop privileges. This allows clients a reasonable certainty that the datanode they're talking to was started securely and is who they expect them to be. > Verify datanodes' identities to clients in secure clusters > ---------------------------------------------------------- > > Key: HDFS-1150 > URL: https://issues.apache.org/jira/browse/HDFS-1150 > Project: Hadoop HDFS > Issue Type: New Feature > Components: data-node > Affects Versions: 0.22.0 > Reporter: Jakob Homan > Assignee: Jakob Homan > > Currently we use block access tokens to allow datanodes to verify clients' > identities, however we don't have a way for clients to verify the > authenticity of the datanodes themselves. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.