hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type
Date Thu, 25 Oct 2012 13:59:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484127#comment-13484127
] 

Daryn Sharp commented on HADOOP-8779:
-------------------------------------

bq. Even if we used SASL PLAIN, we would still have to differentiate between PLAIN and DIGEST-MD5,
so that NN knows when to start its SecretManager. In particular, when PLAIN is configured,
it shouldn't trigger the isSecurityEnabled code path.

I'm making {{isSecurityEnabled}} mean SASL is being used.  SIMPLE doesn't change at all and
doesn't use tokens, while PLAIN means security is enabled and tokens are required for internal
auth.

bq. (Re: Multiple internal auths) We need to support at least 2, SIMPLE and TOKEN. I've said
that repeatedly, I hope this time it gets to you. :)

There's no debate, we already are and have in completely agreement.  In these jiras you've
hinted at selectable internal auths, so all I meant to clarify is security (!SIMPLE) for internal
auth is token, SIMPLE is SIMPLE which is why I've chosen the PLAIN route.
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  Authorization
may be granted independently of the authentication model.  Tokens should be used regardless
of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message