[jira] [Commented] (HADOOP-9797) Pluggable and compatible UGI change

[Kai Zheng (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-9797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13746709#comment-13746709
 ] 

Kai Zheng commented on HADOOP-9797:
-----------------------------------

Hi Sanjay,

bq. Having read the patch, I agree with Daryn, can you split this jira into 
smaller ones and submit some updated patches please.
Yes it's going. HADOOP-9840 and HADOOP-9841 were opened and two incremental 
patches were attached. I'm working on the left part and subsequent ones will be 
coming. Would you help review them and provide your inputs then. Thanks.

bq. can you please add a comment on what you will be testing beyond the unit 
tests.
Sure. I am working with our QA engineers on testing both Simple and Kerberos 
cases, covering HDFS for the initial patch. As you suggested, we will also add 
more tests covering YARN component and trusted proxy case when submitting 
related patches. Any other testing scenario that you would like to see?

                
> Pluggable and compatible UGI change
> -----------------------------------
>
>                 Key: HADOOP-9797
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9797
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9797-v1.patch
>
>
> As already widely discussed current UGI related classes needs to be improved 
> in many aspects. This is to improve and make UGI so that it can be: 
>  
> * Pluggable, new authentication method with its login module can be 
> dynamically registered and plugged without having to change the UGI class;
> * Extensible, login modules with their options can be dynamically extended 
> and customized so that can be reusable elsewhere, like in TokenAuth;
>  
> * No Kerberos relevant, remove any Kerberos relevant functionalities out of 
> it to make it simple and suitable for other login mechanisms; 
> * Of appropriate abstraction and API, with improved abstraction and API it’s 
> possible to allow authentication implementations not using JAAS modules;
> * Compatible, should be compatible with previous deployment and 
> authentication methods, so the existing APIs won’t be removed and some of 
> them are just to be deprecated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira