[jira] [Commented] (HADOOP-9797) Pluggable and compatible UGI change

Tue, 29 Oct 2013 18:37:51 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13808656#comment-13808656
 ] 

Kai Zheng commented on HADOOP-9797:
-----------------------------------

Hi Larry,

Thanks for taking care of this. You're right you found a coding error in 
getJaasLoginConfiguration(). The code was obsolete when introduced 
HadoopLoginFactory, and I should have removed the dead code. Thanks anyway.

Sure to simply add the TokenAuthn method, we don't have to need this, as can be 
seen in HADOOP-9804. I'm probably running this for the long term trying various 
possible enhancements with incremental patches.

> Pluggable and compatible UGI change
> -----------------------------------
>
>                 Key: HADOOP-9797
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9797
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9797-v1.patch, HADOOP-9797-v2.patch, 
> HADOOP-9797-v3.patch, Pluggable and Compatible UGI Change.pdf
>
>
> As already widely discussed current UGI related classes needs to be improved 
> in many aspects. This is to improve and make UGI so that it can be: 
>  
> * Pluggable, new authentication method with its login module can be 
> dynamically registered and plugged without having to change the UGI class;
> * Extensible, login modules with their options can be dynamically extended 
> and customized so that can be reusable elsewhere, like in TokenAuth;
>  
> * No Kerberos relevant, remove any Kerberos relevant functionalities out of 
> it to make it simple and suitable for other login mechanisms; 
> * Of appropriate abstraction and API, with improved abstraction and API it’s 
> possible to allow authentication implementations not using JAAS modules;
> * Compatible, should be compatible with previous deployment and 
> authentication methods, so the existing APIs won’t be removed and some of 
> them are just to be deprecated.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to