[
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484127#comment-13484127
]
Daryn Sharp commented on HADOOP-8779:
-------------------------------------
bq. Even if we used SASL PLAIN, we would still have to differentiate between
PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager. In
particular, when PLAIN is configured, it shouldn't trigger the
isSecurityEnabled code path.
I'm making {{isSecurityEnabled}} mean SASL is being used. SIMPLE doesn't
change at all and doesn't use tokens, while PLAIN means security is enabled and
tokens are required for internal auth.
bq. (Re: Multiple internal auths) We need to support at least 2, SIMPLE and
TOKEN. I've said that repeatedly, I hope this time it gets to you. :)
There's no debate, we already are and have in completely agreement. In these
jiras you've hinted at selectable internal auths, so all I meant to clarify is
security (!SIMPLE) for internal auth is token, SIMPLE is SIMPLE which is why
I've chosen the PLAIN route.
> Use tokens regardless of authentication type
> --------------------------------------------
>
> Key: HADOOP-8779
> URL: https://issues.apache.org/jira/browse/HADOOP-8779
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs, security
> Affects Versions: 3.0.0, 2.0.2-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).
> Authorization may be granted independently of the authentication model.
> Tokens should be used regardless of simple or kerberos authentication.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
