hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9804) Hadoop RPC TokenAuthn method
Date Tue, 06 Aug 2013 14:51:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730838#comment-13730838 ]

Daryn Sharp commented on HADOOP-9804:
-------------------------------------

Yes, good job!  But this is really big.

At first glance, it dismays me to see TokenAuthn conditionals being riddled through the codebase.
 I intend to remove/generalize the required methods (like relogin()) with my overall SASL
changes.  The goal should be to hide the details for security from a service.  This requires
the security framework to be more modular (a shared goal of ours) that exposes generic methods
that are non-authMethod specific.
                
> Hadoop RPC TokenAuthn method
> ----------------------------
>
>                 Key: HADOOP-9804
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9804
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: TokenAuth
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9804-v1.patch
>
>
> As defined in TokenAuth framework, TokenAuthn as a new authentication method is to be added in current Hadoop SASL authentication framework, to allow client to access service with access token. The scope of this is as follows:
>
> * Add a new SASL mechanism for TokenAuthn method, including necessary SASL client and SASL server with corresponding callbacks;
> * Add TokenAuthn method in UGI and allow the method to be configured for Hadoop and the ecosystem;
> * Allow TokenAuthn method to be negotiated between client and server;
> * Define the IDP-initiated flow and SP-initiated flow in the RPC access;
> * Allow access token to be negotiated between client and server, considering both IDP-initiated case and SP-initiated case.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
