hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9840) Improve User class for UGI and decouple it from Kerberos
Date Tue, 06 Aug 2013 14:29:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730815#comment-13730815

Daryn Sharp commented on HADOOP-9840:

This appears to be further locking in that a UGI may have one and only one login identity
by using auth-specific subclasses of User.  If so, that poses a problem for a client that
needs multiple login credentials for a heterogenous security env (ie. kerberos + hsso).
> Improve User class for UGI and decouple it from Kerberos
> --------------------------------------------------------
>                 Key: HADOOP-9840
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9840
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>              Labels: Rhino
>         Attachments: HADOOP-9840.patch, HADOOP-9840.patch
> As discussed in HADOOP-9797, it would be better to improve UGI incrementally. Open this
JIRA to improve User class to:
> * Make it extensible as a base class, then can have subclasses like SimpleUser for Simple
authn, KerberosUser for Kerberos authn, IdentityTokenUser for TokenAuth (in future), and etc.
> * Decouple it from Kerberos.
> * Refactor UGI class safely, move testing related codes out of it.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message