[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483877#comment-13483877 ]

Kan Zhang commented on HADOOP-8779:
-----------------------------------

bq. I think we're starting to over-engineer the issue at hand and bleeding
requirements for other jiras like HADOOP-8758 into the design.

I don't feel that way. I would have made the same comments and suggestions even
if our goal was to simply enable SIMPLE + TOKEN without the perspective of
adding any new auth method (ex., TOKEN + TOKEN, which is the goal of
HADOOP-8758) in the future. To pair tokens with more than one initial auth
method isn't trivial. Otherwise, we would have done it in the first
implementation of tokens. As I said earlier, the main work of HADOOP-8758 is
actually about removing the tight coupling of Kerberos with tokens, and not
about adding new auth methods. But you wanted to do it in this JIRA. Hope you
didn't regret it. :-)

bq. I feel we have become excessively bogged down trying to support SIMPLE
with tokens (my initial goal) and w/o tokens (your goal).

SIMPLE w/o tokens is currently supported and I think there is value in
continuing to support it. I'm sorry if this work turns out to be more than what you
planned, but we should try to enable/optimize Hadoop for more use cases rather
than less, right?

bq. A far simpler approach is supporting SASL's PLAIN mechanism. It's basically
hadoop's SIMPLE, but within the context of SASL. The end result is that PLAIN
will trigger all the isSecurityEnabled code w/o changing any of the behavior of
SIMPLE. The change becomes almost trivial because I won't have to touch the
security conditionals in filesystems, mr, or yarn.

The reason why we didn't use SASL's PLAIN mechanism is we didn't want to pay
the overhead of SASL when security is turned off. But it is irrelevant here.
Even if we used SASL PLAIN, we would still have to differentiate between PLAIN
and DIGEST-MD5, so that NN knows when to start its SecretManager. In
particular, when PLAIN is configured, it shouldn't trigger the
isSecurityEnabled code path.

bq. I don't feel we need to ponder multiple internal auths

We need to support at least 2, SIMPLE and TOKEN. I've said that repeatedly, I
hope this time it gets to you. :-)

Btw, I don't have bandwidth to respond to you on a daily basis (as I have done
in the past few days). I apologize if my responses appear to be a little slow.
And I wasn't able to provide comments on subtasks HADOOP-8783 and HADOOP-8784
before they were committed. They escaped my radar since their titles didn't
sound like they were related to this JIRA. I thought they were mere
"improvements", not behavior-changing patches. :-)

> Use tokens regardless of authentication type
> --------------------------------------------
>
> Key: HADOOP-8779
> URL: https://issues.apache.org/jira/browse/HADOOP-8779
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs, security
> Affects Versions: 3.0.0, 2.0.2-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).
> Authorization may be granted independently of the authentication model.
> Tokens should be used regardless of simple or kerberos authentication.