[
https://issues.apache.org/jira/browse/HADOOP-6299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen O'Malley updated HADOOP-6299:
----------------------------------
Attachment: h-6299.patch
This patch updates Common to the new UGI.
Details:
1. Removes the UnixUserGroupInformation class.
2. The UserGroupInformation becomes a thin shell over the Subject.
3. The Subject is no longer exposed to clients.
4. It adds a doAs method for working as another user.
5. Simplifies the Service Level Authorization to check directly rather than
going through permissions.
6. UGI loads Kerberos tickets into the subject.
7. methods to load user credentials from keytab files.
> Use JAAS LoginContext for our login
> -----------------------------------
>
> Key: HADOOP-6299
> URL: https://issues.apache.org/jira/browse/HADOOP-6299
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Arun C Murthy
> Assignee: Owen O'Malley
> Fix For: 0.22.0
>
> Attachments: 6299-MR-early.patch, h-6299.patch, h-6299.patch,
> HADOOP-6299-2.patch, UserGroupInformation.java, UserGroupInformation.java
>
>
> Currently we use a custom login module in UnixUserGroupInformation for
> acquiring user-credentials (via config or exec'ing 'whoami'). We should
> switch to using standard JAAS components such as LoginContext and possibly
> implement a custom UnixLoginContext for our current requirements. In future
> we can use this for Kerberos etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
