Kai Zheng created HADOOP-11766:
----------------------------------
Summary: Generic token authentication support for Hadoop
Key: HADOOP-11766
URL: https://issues.apache.org/jira/browse/HADOOP-11766
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Kai Zheng
Assignee: Kai Zheng
As a major goal of Rhino project, we proposed *TokenAuth* effort in
HADOOP-9392, where it's to provide a common token authentication framework to
integrate multiple authentication mechanisms, by adding a new
{{AuthenticationMethod}} in lieu of {{KERBEROS}} and {{SIMPLE}}. To minimize
the required changes and risk, we thought of another approach to achieve the
general goals based on Kerberos as Kerberos itself supports a
pre-authentication framework in both spec and implementation, which was
discussed in HADOOP-10959 as *TokenPreauth*. In both approaches, we had
performed workable prototypes covering both command line console and Hadoop web
UI.
As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on
the concrete implementation approach based on Kerberos, we open this for more
general and updated discussions about requirement, use cases, and concerns for
the generic token authentication support for Hadoop. We distinguish this token
from existing Hadoop tokens as the token in this discussion is majorly for the
initial and primary authentication. We will refine our existing codes in
HADOOP-9392 and HADOOP-10959, break them down into smaller patches based on
latest trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
