accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3045) Support AuthenticationToken backed by CredentialProvider
Date Tue, 05 Aug 2014 20:51:13 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086728#comment-14086728
] 

Christopher Tubbs commented on ACCUMULO-3045:
---------------------------------------------

I noticed you had a few methods in the commit that overrode the super class, but simply called
super.method() (in particular, write() and readFields()). Is there some reason these don't
just inherit from the parent class?

Also, I'm a bit confused on the intent. Is the token intended to resolve on the client side
to a PasswordToken? Or is it intended to resolve on the server-side after the CredentialToken
is reconstructed from the RPC? (I only briefly glanced at the diff so far, but hoping to get
some information on intent, before further evaluation). My current understanding is that this
does the latter (resolving the actual credentials on the server-side). If that is the case,
it seems like there may be a gap for a "PasswordResolver.getPasswordToken(CredentialProvider
cp);" for client-side resolution (for instance, in the case of reading a password from the
local filesystem or environment).

> Support AuthenticationToken backed by CredentialProvider
> --------------------------------------------------------
>
>                 Key: ACCUMULO-3045
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3045
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.6.1, 1.7.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Along the same lines as ACCUMULO-2464, the MapReduce AuthenticationToken serialization
also has the potential to be stored in a non-secure form. Some of this is mitigated via Base64
the password to remove human-readable-ness, the ability to serialize an AuthenticationToken
to a file, etc.
> Wiring up a CredentialProvider as an AuthenticationToken is another option provided to
us by Hadoop likely to handle tricky security-related concerns for us.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message