[HADOOP-6581] Add authenticated TokenIdentifiers to UGI so that they can be used for authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: ipc, security
Labels:
None

Hadoop Flags:

Reviewed

Description

When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See ~~HADOOP-4359~~ for more info.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

c6581-10.patch
21/Feb/10 02:19
6 kB
Kan Zhang
c6581-12.patch
24/Feb/10 02:04
6 kB
Kan Zhang
c6581-13.patch
25/Feb/10 23:46
6 kB
Kan Zhang
c6581-14.patch
26/Feb/10 02:49
6 kB
Kan Zhang
c6581-15.patch
26/Feb/10 23:31
6 kB
Kan Zhang
c6581-16.patch
12/May/10 00:36
7 kB
Jitendra Nath Pandey
c6581-17.patch
19/May/10 20:09
8 kB
Jitendra Nath Pandey
c6581-18.patch
21/May/10 17:52
10 kB
Jitendra Nath Pandey

Issue Links

blocks

HDFS-992 Re-factor block access token implementation to conform to the generic Token interface in Common

Closed

incorporates

HADOOP-6782 TestAvroRpc fails with avro-1.3.1 and avro-1.3.2

Closed

is related to

HADOOP-4487 Security features for Hadoop

Closed

Activity

People

Assignee:: Kan Zhang

Reporter:: Kan Zhang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Feb/10 02:17

Updated:: 28/May/10 11:23

Resolved:: 26/May/10 20:32