author Marcelo Vanzin <vanzin@cloudera.com> 2017-01-24 10:44:04 -0800
committer Shixiong Zhu <shixiong@databricks.com> 2017-01-24 10:44:04 -0800
commit 8f3f73abc1fe62496722476460c174af0250e3fe (patch)
tree 345e96eab2294792a867d6009cc9209d6ec0b27f /resource-managers
parent d9783380ff0a6440117348dee3205826d0f9687e (diff)
[SPARK-19139][CORE] New auth mechanism for transport library.

This change introduces a new auth mechanism to the transport library, to be used when users enable strong encryption. This auth mechanism has better security than the currently used DIGEST-MD5.

The new protocol uses symmetric key encryption to mutually authenticate the endpoints, and is very loosely based on ISO/IEC 9798.

The new protocol falls back to SASL when it thinks the remote end is old. Because SASL does not support asking the server for multiple auth protocols, which would mean we could re-use the existing SASL code by just adding a new SASL provider, the protocol is implemented outside of the SASL API to avoid the boilerplate of adding a new provider.

Details of the auth protocol are discussed in the included README.md file.

This change partly undoes the changes added in SPARK-13331; AES encryption is now decoupled from SASL authentication. The encryption code itself, though, has been re-used as part of this change.

## How was this patch tested?

- Unit tests
- Tested Spark 2.2 against Spark 1.6 shuffle service with SASL enabled
- Tested Spark 2.2 against Spark 2.2 shuffle service with SASL fallback disabled

Author: Marcelo Vanzin <vanzin@cloudera.com>

Closes #16521 from vanzin/SPARK-19139.

Diffstat (limited to 'resource-managers')
-rw-r--r-- resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosCoarseGrainedSchedulerBackend.scala | 3
1 files changed, 1 insertions, 2 deletions
diff --git a/resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosCoarseGrainedSchedulerBackend.scala b/resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosCoarseGrainedSchedulerBackend.scala
index 3258b09c06..f555072c38 100644
--- a/resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosCoarseGrainedSchedulerBackend.scala
+++ b/resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosCoarseGrainedSchedulerBackend.scala
@@ -136,8 +136,7 @@ private[spark] class MesosCoarseGrainedSchedulerBackend(
new MesosExternalShuffleClient(
SparkTransportConf.fromSparkConf(conf, "shuffle"),
securityManager,
- securityManager.isAuthenticationEnabled(),
- securityManager.isSaslEncryptionEnabled())
+ securityManager.isAuthenticationEnabled())
}
var nextMesosTaskId = 0
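
Review bot: at the `new MesosExternalShuffleClient(...)` call, dropping the `securityManager.isSaslEncryptionEnabled()` argument leaves nothing at this call site that says whether traffic to the shuffle service is encrypted, and the hunk does not show where that decision now lives. The commit message says the client falls back to SASL when the remote end is old, so please confirm that the fallback path still honours the SASL encryption setting for this Mesos client (presumably through the `SparkTransportConf.fromSparkConf(conf, "shuffle")` value already passed in) and add a one-line comment here saying so. The testing notes list shuffle-service runs but do not mention Mesos, so a test that covers this client against an older shuffle service would close the gap.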