hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Homan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
Date Wed, 26 May 2010 19:23:36 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jakob Homan updated HADOOP-6581:
--------------------------------

    Hadoop Flags: [Reviewed]

+1.  To avoid having BlockAccessToken released as part of 21, and therefore need to be supported
for two versions, I'm planning on committing this and HDFS-992 to 21, to make sure BlockTokenIdentifer
replaces BlockAccessToken in those releases.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch,
c6581-15.patch, c6581-16.patch, c6581-17.patch, c6581-18.patch
>
>
> When token is used for authentication over RPC, information other than username may be
needed for access authorization. This information is typically specified in TokenIdentifier.
This is especially true for block tokens used for client-to-datanode accesses, where authorization
is based on access permissions specified in TokenIdentifier, and not on username. Block tokens
used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359
for more info.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message