Date: Tue, 6 Aug 2013 14:51:48 +0000 (UTC)
From: "Daryn Sharp (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-9804) Hadoop RPC TokenAuthn method

    [ https://issues.apache.org/jira/browse/HADOOP-9804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730838#comment-13730838 ]

Daryn Sharp commented on HADOOP-9804:
-------------------------------------

Yes, good job! But this is really big. At first glance, it dismays me to see TokenAuthn conditionals being riddled through the codebase. I intend to remove/generalize the required methods (like relogin()) with my overall SASL changes. The goal should be to hide the details for security from a service. This requires the security framework to be more modular (a shared goal of ours) that exposes generic methods that are non-authMethod specific.

> Hadoop RPC TokenAuthn method
> ----------------------------
>
>                 Key: HADOOP-9804
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9804
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: TokenAuth
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9804-v1.patch
>
>
> As defined in TokenAuth framework, TokenAuthn as a new authentication method is to be added in current Hadoop SASL authentication framework, to allow client to access service with access token. The scope of this is as follows:
>
> * Add a new SASL mechanism for TokenAuthn method, including necessary SASL client and SASL server with corresponding callbacks;
> * Add TokenAuthn method in UGI and allow the method to be configured for Hadoop and the ecosystem;
> * Allow TokenAuthn method to be negotiated between client and server;
> * Define the IDP-initiated flow and SP-initiated flow in the RPC access;
> * Allow access token to be negotiated between client and server, considering both IDP-initiated case and SP-initiated case.