[ https://issues.apache.org/jira/browse/HDFS-5353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13795340#comment-13795340 ]

Colin Patrick McCabe commented on HDFS-5353:
--------------------------------------------

This is a good find.  Thanks, Haohui.

I believe that UNIX domain sockets should ignore {{dfs.encrypt.data.transfer}}.
Because UNIX domain sockets are local (they never leave the same machine),
there is no concern about network snooping as there is with TCP connections.  
Encryption would not add any real security in this context.  This is especially 
true when passing file descriptors, since in that case, none of the data is 
going through the socket anyway.

> Short circuit reads fail when dfs.encrypt.data.transfer is enabled
> ------------------------------------------------------------------
>
>                 Key: HDFS-5353
>                 URL: https://issues.apache.org/jira/browse/HDFS-5353
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Haohui Mai
>
> DataXceiver tries to establish secure channels via SASL when
> dfs.encrypt.data.transfer is turned on. However, domain socket traffic seems
> to be unencrypted; therefore the client cannot communicate with the data node
> via domain sockets, which makes short circuit reads non-functional.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
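
The file-descriptor point in the comment above, as an added example that is not part of the original message and is not Hadoop's code: an open descriptor is handed across a UNIX domain socket as `SCM_RIGHTS` ancillary data, so only one byte of ordinary data crosses the socket while the receiver reads the whole file directly. The function name and the temporary "block" file are hypothetical; it assumes Python 3.9+ on a Unix system.

```python
import os
import socket
import tempfile


def short_circuit_read_demo(payload: bytes):
    """Pass an open fd over a UNIX domain socket pair and read through it.

    Returns (bytes_sent_over_socket, data_read_via_received_fd).
    """
    # Constructed stand-in for a block file owned by the serving side.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(payload)
        path = f.name

    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # Serving side: open the file and send the descriptor. The single
        # placeholder byte is the only ordinary data put on the socket;
        # the descriptor itself travels as SCM_RIGHTS ancillary data.
        block_fd = os.open(path, os.O_RDONLY)
        try:
            sent = socket.send_fds(server, [b"\x00"], [block_fd])
        finally:
            # The in-flight copy keeps the open file alive for the receiver.
            os.close(block_fd)

        # Receiving side: accept at most one descriptor, then read the file
        # contents straight from the kernel, bypassing the socket entirely.
        _msg, fds, _flags, _addr = socket.recv_fds(client, 1, 1)
        with os.fdopen(fds[0], "rb") as fh:
            data = fh.read()
        return sent, data
    finally:
        server.close()
        client.close()
        os.unlink(path)


if __name__ == "__main__":
    sent, data = short_circuit_read_demo(b"constructed block contents\n" * 4096)
    print(f"bytes over socket: {sent}, bytes read via fd: {len(data)}")
```

Whatever protection the file data gets in this path comes from who is allowed to connect to the socket and receive the descriptor, not from anything applied to the socket stream.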
