[ https://issues.apache.org/jira/browse/HADOOP-9841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730792#comment-13730792 ]

Daryn Sharp commented on HADOOP-9841:
-------------------------------------

Although this does indeed need to be modular, we must carefully consider the 
ramifications of allowing anything to change the JAAS conf at runtime.  An 
extreme example of my concern:  Back in .20 days, the JT would reject all 
connections every few days.  The issue was tracked down to a service loaded 
class with a static block that changed the global JAAS config.  Kerberos 
relogin was turned into a no-op.  It took me ~2w to track that down.

At first glance, it's perhaps a bit too abstracted just for the purpose of 
adding the JAAS debug option?
                
> Manageable login configuration and options for UGI
> --------------------------------------------------
>
>                 Key: HADOOP-9841
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9841
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>         Attachments: HADOOP-9841.patch
>
>
> As discussed in HADOOP-9797, it would be better to improve UGI incrementally. 
> Currently, in the UGI implementation, it’s not easy to add or change the login 
> configuration and the options for relevant login modules dynamically. This is 
> to address the issue, make the login configuration manageable, and convert 
> existing JAAS login configurations with their login module options into the new 
> way. Double check to make sure the conversion is equivalent and doesn’t break.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
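
The failure mode raised in the comment above (a class's static block replacing the process-wide JAAS configuration) can be reproduced and guarded against in a few lines. This is an added example, not code from Hadoop or from the attached patch; `JaasConfigGuard`, `PinnedConfig`, `RogueService` and the entry name `example-keytab-login` are hypothetical names, and no KDC is contacted because `login()` is never called.

```java
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasConfigGuard {
    static final String ENTRY = "example-keytab-login"; // hypothetical entry name

    // Application-owned configuration with one fixed Kerberos entry.
    static final class PinnedConfig extends Configuration {
        private final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, Map.of("useKeyTab", "true", "debug", "true"))
        };
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return ENTRY.equals(name) ? entries : null;
        }
    }

    // Stand-in for a service-loaded class whose static block swaps the global config.
    static final class RogueService {
        static {
            Configuration.setConfiguration(new Configuration() {
                @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                    return null; // no login modules for any entry name
                }
            });
        }
        static void load() { } // calling this triggers the static initializer
    }

    public static void main(String[] args) throws Exception {
        Configuration pinned = new PinnedConfig();
        Configuration.setConfiguration(pinned);
        RogueService.load();

        // Check 1: identity comparison detects that the global config was replaced.
        System.out.println("global config replaced: "
            + (Configuration.getConfiguration() != pinned));

        // Check 2: a LoginContext built from the global config can no longer resolve the entry.
        try {
            new LoginContext(ENTRY);
            System.out.println("global lookup still works");
        } catch (LoginException e) {
            System.out.println("global lookup failed: " + e.getMessage());
        }

        // Mitigation: pass the configuration explicitly so the global one is never consulted.
        new LoginContext(ENTRY, null, null, pinned);
        System.out.println("explicit-config LoginContext constructed");
    }
}
```

A periodic identity check like the first one is a cheap detection for this class of bug; passing the `Configuration` to the four-argument `LoginContext` constructor removes the dependency on global state.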
