accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Turner (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-259) ZKAuthentictor needs to be split up
Date Mon, 09 Jan 2012 18:08:39 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13182676#comment-13182676
] 

Keith Turner commented on ACCUMULO-259:
---------------------------------------

This interface suggest that whatever is doing authentication can also hold accumulo specific
info about users.  I am thinking of the use case where I am running OpenLDAP and I want to
use that to authenticate users.  However, I do not want to store accumulo specific info in
OpenLDAP, I would prefer that is still in zookeeper.  Not sure if this is a plausible use
case, but it seems like it might be.  To better support this use case, we could have two interfaces.
 

{noformat}
interface Authenticator {
  public boolean authenticate(AuthInfo user);
  public boolean changePassword(AuthInfo user, byte[] newPass);
  public boolean createUser(AuthInfo newUser);
  public void init(String rootuser, byte[] rootPass);
  public List<String> users();
  public boolean userExists(String user);
}
{noformat}

{noformat}
interface UserCapabilities {
  public boolean hasPermission(String user, Table/SystemPermission);
  public boolean setPermission(String user, Table/SystemPermission);
  public boolean revokePermission(String user, Table/SystemPermission);
  public boolean changeAuthorizations(String user, Auths newAuths);
  public Auths getAuths(String user);
}
{noformat}




                
> ZKAuthentictor needs to be split up
> -----------------------------------
>
>                 Key: ACCUMULO-259
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-259
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: master, tserver
>            Reporter: John Vines
>            Assignee: Eric Newton
>
> Currently the ZKAuthenticator does both the checking of credentials as well as the functionality
of the Authenticator. We need to split those into two different classes for improved testing
as well as pluggability of the security scheme.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message