Hello Todd Lipcon, Alexey Serbin,

I'd like you to do a code review.  Please visit

    http://gerrit.cloudera.org:8080/6137

to review the following change.

Change subject: [security] Add per-connection nonce for Kerberos replay 
resistance
......................................................................

[security] Add per-connection nonce for Kerberos replay resistance

Kerberos is suceptible to replay attacks, which it attempts to mitigate
by using a server-side replay cache. The cache is not 100% effective,
and is extremely slow in older versions of the library. This commit
introduces an effective and efficient method of mitigating replay
attacks by using a server-generated nonce which the client must send
back to the server, wrapped in SASL integrity protection. This will
allow Kudu to disable the replay cache without negatively affecting
security.

No tests are provided, but the codepath is well covered by existing
Kerberos negotiation tests. I intend to write simulated mitm tests to
check this and the channel binding protections soon.

Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
---
M docs/design-docs/rpc.md
M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
M src/kudu/rpc/client_negotiation.cc
M src/kudu/rpc/client_negotiation.h
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/sasl_common.cc
M src/kudu/rpc/sasl_common.h
M src/kudu/rpc/server_negotiation.cc
M src/kudu/rpc/server_negotiation.h
M src/kudu/security/crypto.cc
M src/kudu/security/crypto.h
11 files changed, 193 insertions(+), 98 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/37/6137/1
-- 
To view, visit http://gerrit.cloudera.org:8080/6137
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>

Reply via email to