You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2013/08/01 08:29:49 UTC

[jira] [Commented] (HADOOP-9797) Pluggable and compatible UGI change

    [ https://issues.apache.org/jira/browse/HADOOP-9797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13726105#comment-13726105 ] 

Kai Zheng commented on HADOOP-9797:
-----------------------------------

Daryn,

Thanks for reviewing the patch, much appreciated. I understand and agree with your concern that the patch is rather large and we should do this incrementally. Let me break this one up into incremental patches, then I can address any review comments and feedback per patch. Hopefully that also makes it a little easier for you and others to review and provide your comments.
                
> Pluggable and compatible UGI change
> -----------------------------------
>
>                 Key: HADOOP-9797
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9797
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: rhino
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9797-v1.patch
>
>
> As already widely discussed current UGI related classes needs to be improved in many aspects. This is to improve and make UGI so that it can be: 
>  
> * Pluggable, new authentication method with its login module can be dynamically registered and plugged without having to change the UGI class;
> * Extensible, login modules with their options can be dynamically extended and customized so that can be reusable elsewhere, like in TokenAuth;
>  
> * No Kerberos relevant, remove any Kerberos relevant functionalities out of it to make it simple and suitable for other login mechanisms; 
> * Of appropriate abstraction and API, with improved abstraction and API it’s possible to allow authentication implementations not using JAAS modules;
> * Compatible, should be compatible with previous deployment and authentication methods, so the existing APIs won’t be removed and some of them are just to be deprecated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira