[
https://issues.apache.org/jira/browse/HADOOP-9797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735218#comment-13735218
]
Sanjay Radia commented on HADOOP-9797:
--------------------------------------
Given that this jira is going change a key part of the code, can you please add
a comment on what you will be testing beyond the unit tests. For security, we
have relied on a fair amount of manual testing. You should test the classic
kerberos case for both HDFS and MR, aloog with a trusted proxy (say OOzie).
> Pluggable and compatible UGI change
> -----------------------------------
>
> Key: HADOOP-9797
> URL: https://issues.apache.org/jira/browse/HADOOP-9797
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Labels: Rhino
> Fix For: 3.0.0
>
> Attachments: HADOOP-9797-v1.patch
>
>
> As already widely discussed current UGI related classes needs to be improved
> in many aspects. This is to improve and make UGI so that it can be:
>
> * Pluggable, new authentication method with its login module can be
> dynamically registered and plugged without having to change the UGI class;
> * Extensible, login modules with their options can be dynamically extended
> and customized so that can be reusable elsewhere, like in TokenAuth;
>
> * No Kerberos relevant, remove any Kerberos relevant functionalities out of
> it to make it simple and suitable for other login mechanisms;
> * Of appropriate abstraction and API, with improved abstraction and API it’s
> possible to allow authentication implementations not using JAAS modules;
> * Compatible, should be compatible with previous deployment and
> authentication methods, so the existing APIs won’t be removed and some of
> them are just to be deprecated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
