hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9840) Improve User class for UGI and decouple it from Kerberos
Date Tue, 06 Aug 2013 14:29:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730815#comment-13730815
] 

Daryn Sharp commented on HADOOP-9840:
-------------------------------------

This appears to be further locking in that a UGI may have one and only one login identity
by using auth-specific subclasses of User.  If so, that poses a problem for a client that
needs multiple login credentials for a heterogenous security env (ie. kerberos + hsso).
                
> Improve User class for UGI and decouple it from Kerberos
> --------------------------------------------------------
>
>                 Key: HADOOP-9840
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9840
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>              Labels: Rhino
>         Attachments: HADOOP-9840.patch, HADOOP-9840.patch
>
>
> As discussed in HADOOP-9797, it would be better to improve UGI incrementally. Open this
JIRA to improve User class to:
> * Make it extensible as a base class, then can have subclasses like SimpleUser for Simple
authn, KerberosUser for Kerberos authn, IdentityTokenUser for TokenAuth (in future), and etc.
> * Decouple it from Kerberos.
> * Refactor UGI class safely, move testing related codes out of it.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message