Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0BFE010EF2 for ; Fri, 23 Aug 2013 00:45:53 +0000 (UTC) Received: (qmail 13908 invoked by uid 500); 23 Aug 2013 00:45:52 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 13883 invoked by uid 500); 23 Aug 2013 00:45:52 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 13846 invoked by uid 99); 23 Aug 2013 00:45:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Aug 2013 00:45:52 +0000 Date: Fri, 23 Aug 2013 00:45:52 +0000 (UTC) From: "Larry McCay (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-9797) Pluggable and compatible UGI change MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-9797?page=3Dcom.atlassia= n.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D137= 48145#comment-13748145 ]=20 Larry McCay commented on HADOOP-9797: ------------------------------------- In fact, we have to be really careful about changing the client facing APIs= . For instance, clients - including third parties - leverage static loginUs= erFromKeyTab methods. It is difficult to impossible to know all the consume= rs of those APIs. So anyway, that is just a heads-up. =20 > Pluggable and compatible UGI change > ----------------------------------- > > Key: HADOOP-9797 > URL: https://issues.apache.org/jira/browse/HADOOP-9797 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Reporter: Kai Zheng > Assignee: Kai Zheng > Labels: Rhino > Fix For: 3.0.0 > > Attachments: HADOOP-9797-v1.patch > > > As already widely discussed current UGI related classes needs to be impro= ved in many aspects. This is to improve and make UGI so that it can be:=20 > =20 > * Pluggable, new authentication method with its login module can be dynam= ically registered and plugged without having to change the UGI class; > * Extensible, login modules with their options can be dynamically extende= d and customized so that can be reusable elsewhere, like in TokenAuth; > =20 > * No Kerberos relevant, remove any Kerberos relevant functionalities out = of it to make it simple and suitable for other login mechanisms;=20 > * Of appropriate abstraction and API, with improved abstraction and API i= t=E2=80=99s possible to allow authentication implementations not using JAAS= modules; > * Compatible, should be compatible with previous deployment and authentic= ation methods, so the existing APIs won=E2=80=99t be removed and some of th= em are just to be deprecated. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrato= rs For more information on JIRA, see: http://www.atlassian.com/software/jira