[
https://issues.apache.org/jira/browse/HADOOP-6299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen O'Malley updated HADOOP-6299:
----------------------------------
Attachment: h-6299.patch
Here's a preliminary patch for common.
This patch:
# Works on Linux and Mac. It should work on Windows, except for the numeric
group ids.
# The default UserGroupInformation.getUserName() is the full qualified name if
Kerberos is turned on
# The Kerberos login module is optional, even if Kerberos is turned on.
# There is a doAs method on UGI to work as another user.
# We don't export the Subject from UGI any more
# Group is removed and User is now private.
# You can't set/get a UGI from a configuration.
# Service level authorization is radically changed to use the UGI instead of
the Subject.
# Strengthened the SLA unit test
# Moved SLA tests from WritableRpcEngine to the framework
# Passes unit tests
It still needs:
# A method to add/get tokens from the subject.
# A method to ask whether security is turned on.
# A method to set the configuration.
# Fix for windows to use the numeric group id method.
and of course, we need to fix HDFS and MapReduce. *smile*
> Use JAAS LoginContext for our login
> -----------------------------------
>
> Key: HADOOP-6299
> URL: https://issues.apache.org/jira/browse/HADOOP-6299
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Arun C Murthy
> Assignee: Owen O'Malley
> Fix For: 0.22.0
>
> Attachments: h-6299.patch, UserGroupInformation.java,
> UserGroupInformation.java
>
>
> Currently we use a custom login module in UnixUserGroupInformation for
> acquiring user-credentials (via config or exec'ing 'whoami'). We should
> switch to using standard JAAS components such as LoginContext and possibly
> implement a custom UnixLoginContext for our current requirements. In future
> we can use this for Kerberos etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
