hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jiajia Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11766) Generic token authentication support for Hadoop
Date Mon, 23 Apr 2018 11:08:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16447960#comment-16447960
] 

Jiajia Li commented on HADOOP-11766:
------------------------------------

[~danilreddy] I'd like to introduce HAS(Hadoop Authentication Service) to you,  it is a
solution to support the authentication of open source big data ecosystem, you can implement
the plugin interface in HAS to integrate your custom OAuth service. Please look at https://github.com/apache/directory-kerby/tree/has-project/has
for details.

> Generic token authentication support for Hadoop
> -----------------------------------------------
>
>                 Key: HADOOP-11766
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11766
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Major
>         Attachments: HADOOP-11766-V1.patch
>
>
> As a major goal of Rhino project, we proposed *TokenAuth* effort in HADOOP-9392, where
it's to provide a common token authentication framework to integrate multiple authentication
mechanisms, by adding a new {{AuthenticationMethod}} in lieu of {{KERBEROS}} and {{SIMPLE}}.
To minimize the required changes and risk, we thought of another approach to achieve the general
goals based on Kerberos as Kerberos itself supports a pre-authentication framework in both
spec and implementation, which was discussed in HADOOP-10959 as *TokenPreauth*. In both approaches,
we had performed workable prototypes covering both command line console and Hadoop web UI.

> As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on the concrete
implementation approach based on Kerberos, we open this for more general and updated discussions
about requirement, use cases, and concerns for the generic token authentication support for
Hadoop. We distinguish this token from existing Hadoop tokens as the token in this discussion
is majorly for the initial and primary authentication. We will refine our existing codes in
HADOOP-9392 and HADOOP-10959, break them down into smaller patches based on latest trunk.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message