[ https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348115#comment-16348115 ]
Hudson commented on HDFS-13060: ------------------------------- SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13596 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13596/]) HDFS-13060. Adding a BlacklistBasedTrustedChannelResolver for (xyao: rev af015c0b2359be317132e2cf35735429f4f34ea7) * (add) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/CombinedIPList.java * (add) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/package-info.java * (add) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestBlackListBasedTrustedChannelResolver.java * (add) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/BlackListBasedTrustedChannelResolver.java > Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver > ------------------------------------------------------------------------ > > Key: HDFS-13060 > URL: https://issues.apache.org/jira/browse/HDFS-13060 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, security > Reporter: Xiaoyu Yao > Assignee: Ajay Kumar > Priority: Major > Fix For: 3.1.0 > > Attachments: HDFS-13060.000.patch, HDFS-13060.001.patch, > HDFS-13060.002.patch, HDFS-13060.003.patch > > > HDFS-5910 introduces encryption negotiation between client and server based > on a customizable TrustedChannelResolver class. The TrustedChannelResolver is > invoked on both client and server side. If the resolver indicates that the > channel is trusted, then the data transfer will not be encrypted even if > dfs.encrypt.data.transfer is set to true. > The default trust channel resolver implementation returns false indicating > that the channel is not trusted, which always enables encryption. HDFS-5910 > also added a build-int whitelist based trust channel resolver. It allows you > to put IP address/Network Mask of trusted client/server in whitelist files to > skip encryption for certain traffics. > This ticket is opened to add a blacklist based trust channel resolver for > cases only certain machines (IPs) are untrusted without adding each trusted > IP individually. > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org