[jira] [Commented] (HADOOP-10959) A complement solution to TokenAuth based on Kerberos pre-authentication framework

Tue, 23 Dec 2014 21:48:29 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14257998#comment-14257998
 ] 

Kai Zheng commented on HADOOP-10959:
------------------------------------

Just some update.

We're working on defining the token-preauth and access-token-profile drafts 
with MIT Kerberos team. As it's of low priority it's running very slow.

Meanwhile, we have also initiated [Haox|https://github.com/drankye/haox] 
project, targeting a Java Kerberos implementation and based on it, we're going 
to prototype the Kerberos extensions in not so long future.

https://github.com/drankye/haox

> A complement solution to TokenAuth based on Kerberos pre-authentication 
> framework
> ---------------------------------------------------------------------------------
>
>                 Key: HADOOP-10959
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10959
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>         Attachments: KerbToken-v2.pdf
>
>
> To implement and integrate pluggable authentication providers, enhance 
> desirable single sign on for end users, and help enforce centralized access 
> control on the platform, the community has widely discussed and concluded 
> token based authentication could be the appropriate approach. TokenAuth 
> (HADOOP-9392) was proposed and is under development to implement another 
> Authentication Method in lieu with Simple and Kerberos. It is a big and long 
> term effort to support TokenAuth across the entire ecosystem. We here propose 
> a short term replacement based on Kerberos that can complement to TokenAuth. 
> Our solution involves less codes changes with limited risk and the main 
> development work has already been done in our POC. Users can use our solution 
> as a short term solution to support token inside Hadoop.
> This effort and resultant solution will be fully described in the design 
> document to be attached. And the brief introduction will be commented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to