[ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth updated HDFS-2856: -------------------------------- Attachment: HDFS-2856.6.patch Here is patch version 6. This incorporates Jitendra's feedback as I described in my last comment. > Fix block protocol so that Datanodes don't require root or jsvc > --------------------------------------------------------------- > > Key: HDFS-2856 > URL: https://issues.apache.org/jira/browse/HDFS-2856 > Project: Hadoop HDFS > Issue Type: Improvement > Components: datanode, security > Affects Versions: 3.0.0, 2.4.0 > Reporter: Owen O'Malley > Assignee: Chris Nauroth > Attachments: Datanode-Security-Design.pdf, > Datanode-Security-Design.pdf, Datanode-Security-Design.pdf, > HDFS-2856-Test-Plan-1.pdf, HDFS-2856.1.patch, HDFS-2856.2.patch, > HDFS-2856.3.patch, HDFS-2856.4.patch, HDFS-2856.5.patch, HDFS-2856.6.patch, > HDFS-2856.prototype.patch > > > Since we send the block tokens unencrypted to the datanode, we currently > start the datanode as root using jsvc and get a secure (< 1024) port. > If we have the datanode generate a nonce and send it on the connection and > the sends an hmac of the nonce back instead of the block token it won't > reveal any secrets. Thus, we wouldn't require a secure port and would not > require root or jsvc. -- This message was sent by Atlassian JIRA (v6.2#6252)