[ https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12828020#action_12828020 ]

Owen O'Malley commented on HADOOP-6419:
---------------------------------------

I can answer some of the Token questions.

TokenIdentifier is the information that is specific to that kind of token. In 
the case of the HDFS delegation token, it is things like the user's name, when 
it was granted, the maximum lifetime, etc. For job tokens, the identifier is 
the job id. The other part of the token, which is the password, is the HMAC hash 
of the serialized identifier combined with the secret key.

TokenSelector is the class that selects the token (from the set that the user 
has) to use for this particular RPC connection.  For example, map 0 of my job 
will have a JobToken and an HDFS DelegationToken. The JobToken will be used to 
connect to the TaskTracker to ask for work and the DelegationToken will be used 
to connect to the NameNode. Also note that a single job may talk to multiple 
NameNodes and will need a different delegation token for each.




> Change RPC layer to support SASL based mutual authentication
> ------------------------------------------------------------
>
>                 Key: HADOOP-6419
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6419
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6419-26.patch, c6419-39.patch, c6419-45.patch, 
> c6419-66.patch, c6419-67.patch, c6419-69.patch, c6419-70.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and 
> RFC-2831) or SASL GSSAPI/Kerberos. Since J2SE 5, Sun provides a SASL 
> implementation by default. Both our delegation token and job token can be 
> used as credentials for SASL DIGEST-MD5 authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
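
The token structure and per-connection selection described in the comment above, as an added Python sketch that is not part of the original message and is not Hadoop's code (Hadoop itself is Java). The JSON serialization, HMAC-SHA256, field names, secrets and host names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from collections import namedtuple

# kind/service say which server a token is for; identifier is the serialized
# TokenIdentifier; password is the HMAC over it. Field names are assumptions.
Token = namedtuple("Token", "kind service identifier password")


def serialize(fields):
    # Canonical JSON stands in for the real serialization (assumption).
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue(secret, kind, service, fields):
    ident = serialize(fields)
    password = hmac.new(secret, ident, hashlib.sha256).digest()  # SHA-256 assumed
    return Token(kind, service, ident, password)


def verify(secret, token, now):
    # Recompute the password from the presented identifier and compare in
    # constant time. (Compared directly here; with SASL DIGEST-MD5 the
    # recomputed password would act as the shared secret instead.)
    expected = hmac.new(secret, token.identifier, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token.password):
        return False
    max_date = json.loads(token.identifier).get("max_date")
    return max_date is None or now <= max_date


def select(tokens, kind, service):
    # TokenSelector role: pick the token that matches this connection.
    for t in tokens:
        if t.kind == kind and t.service == service:
            return t
    return None


# Constructed sample: one task holding a job token plus one delegation token
# per NameNode, each issued under that server's own secret.
NN1_SECRET, NN2_SECRET, JOB_SECRET = b"nn1-key", b"nn2-key", b"job-key"
DELEG = {"user": "alice", "issued": 1000, "max_date": 2000}
TOKENS = [
    issue(JOB_SECRET, "JOB_TOKEN", "tt.example:1", {"job_id": "job_0001"}),
    issue(NN1_SECRET, "HDFS_DELEGATION_TOKEN", "nn1.example:1", DELEG),
    issue(NN2_SECRET, "HDFS_DELEGATION_TOKEN", "nn2.example:1", DELEG),
]
```

Because the password is a keyed hash of the identifier, editing any identifier field (for example raising `max_date`) or presenting a token to a server that holds a different secret makes `verify` return `False`.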
