The most common way for a client to interact with a Hadoop cluster is through RPC. A
Hadoop client when talking to a secure cluster uses the SASL protocol to authenticate
itself. The client uses RPC to connect to the NameNode when serving the HDFS protocol.
For RPC connections, Hadoop uses Java’s SASL abstraction. Java’s SASL library supports
quality of protection settings. When the hadoop.rpc.protection
property is set to
privacy, the data over RPC is encrypted with symmetric keys. Please refer to Hortonworks'
blog for more details on the hadoop.rpc.protection
setting. Note that RPC
encryption covers not only the channel between a client and Hadoop cluster but also the
inter cluster communication among Hadoop services.