[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

Mon, 22 Oct 2012 13:48:17 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481771#comment-13481771
 ] 

Kan Zhang commented on HADOOP-8779:
-----------------------------------

bq. I think we need to be clear on which client we are discussing to avoid 
confusion. The is the low-level RCP client uses a token if available, else 
kerberos or simple. Then there's a high-level client, like the job client, that 
needs to determine if it should get a token.

I'd consider that implementation detail. Once we agree on how the client should 
behave, we can then look at where it should be implemented. For example, the 
job client upper layer could decide on which auth method to use and tell RPC 
client to use that, or it could just pass to the RPC client the connection type 
(initial or subsequent) and let RPC client choose the right auth method. I'd 
prefer the latter since it would make it easier to support automatic failover 
from one auth method to another down the road.

bq. I agree these are all very valid questions that we need to address. I hope 
these don't block HDFS-4056 and HADOOP-8785 (not posted because it depends on 
HDFS-4056). These jiras are incremental steps forward that are independent from 
this larger discussion. These jiras will not change job submission or task 
execution behavior until the job client is changed.

I think we should agree on the overall design and what behaviors are supported 
at each piece, at least at a high-level, before making changes to any of them. 
For example, if we agree on supporting SIMPLE + SIMPLE, HDFS-4056 is not 
needed. 
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to