hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Cutting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6299) Use JAAS LoginContext for our login
Date Thu, 28 Jan 2010 20:01:38 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12806060#action_12806060
] 

Doug Cutting commented on HADOOP-6299:
--------------------------------------

> They were never intended to be public interfaces. They were intended to be limited to
HDFS and MapReduce.

Hmm.  UnixUserGroupInformation.java was added as a public class in December of 2007, in HADOOP-2299.
 At that point in time Java visibility was used to define back-compatibility constraints.

HADOOP-5073 proposed changing back-compatibility constraints, but its proposed constraints
were never subjected to a vote.  Sanjay states that any API not listed in his final comment
there (added after the commit) are unstable.  I'd be much more comfortable with that policy
if a patch had been approved by consensus that actually added the annotations to all unstable
public classes.  Without that, our users have no ability to see what's stable and what's not.
 This policy been subject to any vote, only the code that permits us to declare scopes has.


> Use JAAS LoginContext for our login
> -----------------------------------
>
>                 Key: HADOOP-6299
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6299
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Arun C Murthy
>            Assignee: Owen O'Malley
>             Fix For: 0.22.0
>
>         Attachments: 6299-MR-early.patch, h-6299.patch, h-6299.patch, h-6299.patch, h-6299.patch,
h-6299.patch, HADOOP-6299-2.patch, UserGroupInformation.java, UserGroupInformation.java
>
>
> Currently we use a custom login module in UnixUserGroupInformation for acquiring user-credentials
(via config or exec'ing 'whoami'). We should switch to using standard JAAS components such
as LoginContext and possibly implement a custom UnixLoginContext for our current requirements.
In future we can use this for Kerberos etc. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message