Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 10221 invoked from network); 24 Feb 2010 02:05:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 24 Feb 2010 02:05:51 -0000 Received: (qmail 11511 invoked by uid 500); 24 Feb 2010 02:05:51 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 11462 invoked by uid 500); 24 Feb 2010 02:05:51 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 11434 invoked by uid 99); 24 Feb 2010 02:05:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Feb 2010 02:05:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Feb 2010 02:05:49 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id AAC04234C48C for ; Tue, 23 Feb 2010 18:05:28 -0800 (PST) Message-ID: <581484142.479671266977128698.JavaMail.jira@brutus.apache.org> Date: Wed, 24 Feb 2010 02:05:28 +0000 (UTC) From: "Kan Zhang (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization In-Reply-To: <1496415630.416121266718707899.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kan Zhang updated HADOOP-6581: ------------------------------ Status: Patch Available (was: Open) > Add authenticated TokenIdentifiers to UGI so that they can be used for authorization > ------------------------------------------------------------------------------------ > > Key: HADOOP-6581 > URL: https://issues.apache.org/jira/browse/HADOOP-6581 > Project: Hadoop Common > Issue Type: New Feature > Components: ipc, security > Reporter: Kan Zhang > Assignee: Kan Zhang > Attachments: c6581-10.patch, c6581-12.patch > > > When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.