hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11766) Generic token authentication support for Hadoop
Date Thu, 16 Apr 2015 07:43:59 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497676#comment-14497676
] 

Kai Zheng commented on HADOOP-11766:
------------------------------------

Thanks [~hitliuyi] for the suggestion. Yes, I will upload a design doc while working on initial
patches.

> Generic token authentication support for Hadoop
> -----------------------------------------------
>
>                 Key: HADOOP-11766
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11766
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>
> As a major goal of Rhino project, we proposed *TokenAuth* effort in HADOOP-9392, where
it's to provide a common token authentication framework to integrate multiple authentication
mechanisms, by adding a new {{AuthenticationMethod}} in lieu of {{KERBEROS}} and {{SIMPLE}}.
To minimize the required changes and risk, we thought of another approach to achieve the general
goals based on Kerberos as Kerberos itself supports a pre-authentication framework in both
spec and implementation, which was discussed in HADOOP-10959 as *TokenPreauth*. In both approaches,
we had performed workable prototypes covering both command line console and Hadoop web UI.

> As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on the concrete
implementation approach based on Kerberos, we open this for more general and updated discussions
about requirement, use cases, and concerns for the generic token authentication support for
Hadoop. We distinguish this token from existing Hadoop tokens as the token in this discussion
is majorly for the initial and primary authentication. We will refine our existing codes in
HADOOP-9392 and HADOOP-10959, break them down into smaller patches based on latest trunk.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message