[
https://issues.apache.org/jira/browse/HADOOP-11766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497640#comment-14497640
]
Yi Liu commented on HADOOP-11766:
---------------------------------
Hi Kai, could you upload a design doc firstly? Then people can have better
understand.
> Generic token authentication support for Hadoop
> -----------------------------------------------
>
> Key: HADOOP-11766
> URL: https://issues.apache.org/jira/browse/HADOOP-11766
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Kai Zheng
>
> As a major goal of Rhino project, we proposed *TokenAuth* effort in
> HADOOP-9392, where it's to provide a common token authentication framework to
> integrate multiple authentication mechanisms, by adding a new
> {{AuthenticationMethod}} in lieu of {{KERBEROS}} and {{SIMPLE}}. To minimize
> the required changes and risk, we thought of another approach to achieve the
> general goals based on Kerberos as Kerberos itself supports a
> pre-authentication framework in both spec and implementation, which was
> discussed in HADOOP-10959 as *TokenPreauth*. In both approaches, we had
> performed workable prototypes covering both command line console and Hadoop
> web UI.
> As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on
> the concrete implementation approach based on Kerberos, we open this for more
> general and updated discussions about requirement, use cases, and concerns
> for the generic token authentication support for Hadoop. We distinguish this
> token from existing Hadoop tokens as the token in this discussion is majorly
> for the initial and primary authentication. We will refine our existing codes
> in HADOOP-9392 and HADOOP-10959, break them down into smaller patches based
> on latest trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
