You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2013/09/03 07:36:52 UTC

[jira] [Updated] (HADOOP-9797) Pluggable and compatible UGI change

     [ https://issues.apache.org/jira/browse/HADOOP-9797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kai Zheng updated HADOOP-9797:
------------------------------

    Attachment: Pluggable and Compatible UGI Change.pdf

Attached a doc to illustrate the over all changes in the incremental patches. Wish this can save your time for your review and understanding. Your comments are welcome. In future this doc will be updated serving as a complete design doc for new UGI implementation when the changes are relatively finalized.
                
> Pluggable and compatible UGI change
> -----------------------------------
>
>                 Key: HADOOP-9797
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9797
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: Rhino
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9797-v1.patch, Pluggable and Compatible UGI Change.pdf
>
>
> As already widely discussed current UGI related classes needs to be improved in many aspects. This is to improve and make UGI so that it can be: 
>  
> * Pluggable, new authentication method with its login module can be dynamically registered and plugged without having to change the UGI class;
> * Extensible, login modules with their options can be dynamically extended and customized so that can be reusable elsewhere, like in TokenAuth;
>  
> * No Kerberos relevant, remove any Kerberos relevant functionalities out of it to make it simple and suitable for other login mechanisms; 
> * Of appropriate abstraction and API, with improved abstraction and API it’s possible to allow authentication implementations not using JAAS modules;
> * Compatible, should be compatible with previous deployment and authentication methods, so the existing APIs won’t be removed and some of them are just to be deprecated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira