Recent issues (see linked) have brought to light a critical deficiency in the handling of JAAS configuration:
1. The MapR distribution relies on an explicit JAAS conf, rather than the in-memory conf used by stock Hadoop.
2. The ZK/Kafka/Hadoop security configuration is supposed to be independent (one can enable each element separately) but isn't.
Perhaps we should rework the JAAS conf code to merge any user-supplied configuration with our defaults, rather than using an all-or-nothing approach.
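
A sketch of the per-entry merge proposed above, as an added example that is not the project's code. The class name `MergedJaasConfiguration`, the `krb5` helper, and the sample entries are hypothetical; `Client` and `KafkaClient` are assumed to be the JAAS entry names that ZooKeeper and Kafka clients look up.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/** Hypothetical class (not project code): per-entry merge of user JAAS conf with defaults. */
public class MergedJaasConfiguration extends Configuration {
    private final Configuration userConf; // user-supplied configuration, may be null
    private final Map<String, AppConfigurationEntry[]> defaults; // keyed by entry name

    public MergedJaasConfiguration(Configuration userConf, Map<String, AppConfigurationEntry[]> defaults) {
        this.userConf = userConf;
        this.defaults = new HashMap<>(defaults);
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        // A user-supplied entry wins, but only for the entry name it actually defines.
        AppConfigurationEntry[] user = userConf == null ? null : userConf.getAppConfigurationEntry(name);
        if (user != null && user.length > 0) {
            return user;
        }
        return defaults.get(name); // null tells JAAS that no such entry exists
    }

    private static AppConfigurationEntry[] krb5(String optKey, String optValue) {
        return new AppConfigurationEntry[] {new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            LoginModuleControlFlag.REQUIRED, Collections.singletonMap(optKey, optValue))};
    }

    public static void main(String[] args) {
        // Constructed defaults: ticket-cache login for ZooKeeper ("Client") and Kafka ("KafkaClient").
        Map<String, AppConfigurationEntry[]> defaults = new HashMap<>();
        defaults.put("Client", krb5("useTicketCache", "true"));
        defaults.put("KafkaClient", krb5("useTicketCache", "true"));
        // Constructed user configuration that defines only the Kafka entry.
        Configuration user = new MergedJaasConfiguration(null,
            Collections.singletonMap("KafkaClient", krb5("useKeyTab", "true")));

        Configuration merged = new MergedJaasConfiguration(user, defaults);
        Configuration.setConfiguration(merged); // install process-wide
        System.out.println(merged.getAppConfigurationEntry("KafkaClient")[0].getOptions());
        System.out.println(merged.getAppConfigurationEntry("Client")[0].getOptions());
        System.out.println(merged.getAppConfigurationEntry("Other"));
    }
}
```

With this lookup, a user file that configures only Kafka no longer removes the default ZooKeeper entry, so each component's security can be enabled independently.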
We should also address some recent regressions:
1. The HadoopSecurityContext should be installed regardless of auth mode, to log in with UserGroupInformation, which:
   - handles the HADOOP_USER_NAME variable.
   - installs an OS-specific user principal (from UnixLoginModule etc.) unrelated to Kerberos.
   - picks up the HDFS/HBASE delegation tokens.
2. Fix the use of alternative authentication methods - delegation tokens and Kerberos ticket cache.