hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Douglas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6299) Use JAAS LoginContext for our login
Date Fri, 29 Jan 2010 01:01:42 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12806180#action_12806180
] 

Chris Douglas commented on HADOOP-6299:
---------------------------------------

bq. I'd be much more comfortable with that policy if a patch had been approved by consensus
that actually added the annotations to all unstable public classes. Without that, our users
have no ability to see what's stable and what's not. This policy been subject to any vote,
only the code that permits us to declare scopes has.

HADOOP-5073 had nearly a year of discussion before it was committed; that clause was in the
first draft. Still, if you feel strongly about it, start a discussion and call a vote. In
Hadoop, a whitelist of "this is public" makes a lot more sense to me than a blacklist of "this
is private," but I can see why some users would disagree.

bq. UnixUserGroupInformation.java was added as a public class in December of 2007, in HADOOP-2299.
At that point in time Java visibility was used to define back-compatibility constraints.

Really? The scope of our back-compatibility constraints was not defined, which I thought was
the motivation of HADOOP-5073. Asserting that this undocumented policy should apply to this
issue until HADOOP-5073 gets even more discussion isn't a gap easily bridged for me. Is functionality
lost when UnixUserGroupInformation is removed or is it redundant in the new code? Is the issue
only that a public class was removed without first deprecating it?

> Use JAAS LoginContext for our login
> -----------------------------------
>
>                 Key: HADOOP-6299
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6299
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Arun C Murthy
>            Assignee: Owen O'Malley
>             Fix For: 0.22.0
>
>         Attachments: 6299-MR-early.patch, h-6299.patch, h-6299.patch, h-6299.patch, h-6299.patch,
h-6299.patch, HADOOP-6299-2.patch, UserGroupInformation.java, UserGroupInformation.java
>
>
> Currently we use a custom login module in UnixUserGroupInformation for acquiring user-credentials
(via config or exec'ing 'whoami'). We should switch to using standard JAAS components such
as LoginContext and possibly implement a custom UnixLoginContext for our current requirements.
In future we can use this for Kerberos etc. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message