Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11766

Generic token authentication support for Hadoop

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      As a major goal of Rhino project, we proposed TokenAuth effort in HADOOP-9392, where it's to provide a common token authentication framework to integrate multiple authentication mechanisms, by adding a new AuthenticationMethod in lieu of KERBEROS and SIMPLE. To minimize the required changes and risk, we thought of another approach to achieve the general goals based on Kerberos as Kerberos itself supports a pre-authentication framework in both spec and implementation, which was discussed in HADOOP-10959 as TokenPreauth. In both approaches, we had performed workable prototypes covering both command line console and Hadoop web UI.

      As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on the concrete implementation approach based on Kerberos, we open this for more general and updated discussions about requirement, use cases, and concerns for the generic token authentication support for Hadoop. We distinguish this token from existing Hadoop tokens as the token in this discussion is majorly for the initial and primary authentication. We will refine our existing codes in HADOOP-9392 and HADOOP-10959, break them down into smaller patches based on latest trunk.

        Attachments

        1. HADOOP-11766-V1.patch
          63 kB
          Jiajia Li

        Issue Links

          Activity

            People

            • Assignee:
              drankye Kai Zheng
              Reporter:
              drankye Kai Zheng

              Dates

              • Created:
                Updated:

                Issue deployment