jojochuang commented on code in PR #7983:
URL: https://github.com/apache/hadoop/pull/7983#discussion_r2417441432
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslMechanismFactory.java:
##########
@@ -65,5 +65,13 @@ public static boolean isDefaultMechanism(String
saslMechanism) {
return HADOOP_SECURITY_SASL_MECHANISM_DEFAULT.equals(saslMechanism);
}
+ public static boolean isDigestMechanism(String saslMechanism) {
+ return saslMechanism.startsWith("DIGEST-");
Review Comment:
maybe consider using hadoop.security.sasl.mechanism to ensure the value is
expected?
```
<property>
<name>hadoop.security.sasl.mechanism</name>
<value>DIGEST-MD5</value>
<description>
The SASL mechanism used in Hadoop.
</description>
</property>
```
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2673,7 +2673,7 @@ private RpcSaslProto buildSaslNegotiateResponse()
// accelerate token negotiation by sending initial challenge
// in the negotiation response
if (enabledAuthMethods.contains(AuthMethod.TOKEN)
- &&
SaslMechanismFactory.isDefaultMechanism(AuthMethod.TOKEN.getMechanismName())) {
+ &&
SaslMechanismFactory.isDigestMechanism(AuthMethod.TOKEN.getMechanismName())) {
Review Comment:
inside of matching just DIGEST-MD5, match any mechanisms starting with
DIGEST-*
What mechanisms do we have in mind? I am only aware of DIGEST-MD5. Others
may be possible but not standardized.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
