hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9926) Authentication specific login implementation in separate class from UGI
Date Tue, 03 Sep 2013 11:55:51 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13756541#comment-13756541
] 

Alejandro Abdelnur commented on HADOOP-9926:
--------------------------------------------

Is there any reason why we don't just require implementing a JAAS LoginModule for anybody
wanting a diff authentication? we implement a SimpleLoginModule for unsecure auth and for
Kerberos we just use the one provided by the JDK? If we do that, for Kerberos the only thing
we would need to do is to provide preconfigured 'javax.security.auth.login.Configuration'
implementations (which we already have) and the mechanism for loading them based on the desired
authentication. 
                
> Authentication specific login implementation in separate class from UGI
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-9926
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9926
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> As discussed in HADOOP-9797, we would improve UGI class in incremental patches. This
issue covers the following in the patch that will be attached for this issue:
>  
> * HadoopLogin is an interface, and AbstractHadoopLogin is the abstract implementation
for it, to define the API and common implementation for various login mechanisms, not just
for JAAS based. 
> * Login implementation details, are removed from UGI and wrapped in concrete HadoopLogin
implementations like SimpleAuthnLogin, UserKerberosLogin and KeytabKerberosLogin, which will
be simply employed by appropriate UGI login related methods to do the login work. 
> * The login result can be returned via getSubject() for now from the HadoopLogin interface,
and UGI can call it to get the result. The result is then wrapped in a UGI object.
> * For Kerberos part, we might cover it in another JIRA since the change is big.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message