Date: Sat, 14 Mar 2015 22:39:38 +0000 (UTC)
From: "Kai Zheng (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-10959) A Kerberos based token authentication approach

    [ https://issues.apache.org/jira/browse/HADOOP-10959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362074#comment-14362074 ]

Kai Zheng commented on HADOOP-10959:
------------------------------------

Status update. Haox was accepted by ApacheDS and *Apache Kerby* was launched. We're working on it and implementing the tokenPreauth mechanism in Kerby first. With the major work done there, we'll be back here soon to realize the token support for Hadoop based on Kerberos by leveraging Kerby.

> A Kerberos based token authentication approach
> ----------------------------------------------
>
>                 Key: HADOOP-10959
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10959
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>         Attachments: KerbToken-v2.pdf
>
>
> To implement and integrate pluggable authentication providers, enhance desirable single sign on for end users, and help enforce centralized access control on the platform, the community has widely discussed and concluded token based authentication could be the appropriate approach. TokenAuth (HADOOP-9392) was proposed and is under development to implement another Authentication Method in lieu with Simple and Kerberos. It is a big and long term effort to support TokenAuth across the entire ecosystem. We here propose a short term replacement based on Kerberos that can complement TokenAuth. Our solution involves fewer code changes with limited risk, and the main development work has already been done in our POC. Users can use our solution as a short term solution to support token inside Hadoop.
> This effort and resultant solution will be fully described in the design document to be attached. And the brief introduction will be commented.