Generic token authentication support for Hadoop

As a major goal of Rhino project, we proposed TokenAuth effort in HADOOP-9392, where it's to provide a common token authentication framework to integrate multiple authentication mechanisms, by adding a new AuthenticationMethod in lieu of KERBEROS and SIMPLE. To minimize the required changes and risk, we thought of another approach to achieve the general goals based on Kerberos as Kerberos itself supports a pre-authentication framework in both spec and implementation, which was discussed in HADOOP-10959 as TokenPreauth. In both approaches, we had performed workable prototypes covering both command line console and Hadoop web UI.

As HADOOP-9392 is rather lengthy and heavy, HADOOP-10959 is mostly focused on the concrete implementation approach based on Kerberos, we open this for more general and updated discussions about requirement, use cases, and concerns for the generic token authentication support for Hadoop. We distinguish this token from existing Hadoop tokens as the token in this discussion is majorly for the initial and primary authentication. We will refine our existing codes in HADOOP-9392 and HADOOP-10959, break them down into smaller patches based on latest trunk.