Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6581

Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: ipc, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.

        Attachments

        1. c6581-18.patch
          10 kB
          Jitendra Nath Pandey
        2. c6581-17.patch
          8 kB
          Jitendra Nath Pandey
        3. c6581-16.patch
          7 kB
          Jitendra Nath Pandey
        4. c6581-15.patch
          6 kB
          Kan Zhang
        5. c6581-14.patch
          6 kB
          Kan Zhang
        6. c6581-13.patch
          6 kB
          Kan Zhang
        7. c6581-12.patch
          6 kB
          Kan Zhang
        8. c6581-10.patch
          6 kB
          Kan Zhang

          Issue Links

            Activity

              People

              • Assignee:
                kzhang Kan Zhang
                Reporter:
                kzhang Kan Zhang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: