[jira] [Commented] (HADOOP-12563) Updated utility to create/modify token files

Thu, 14 Jan 2016 16:06:51 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15099171#comment-15099171
 ] 

Larry McCay commented on HADOOP-12563:
--------------------------------------

[~aw] - thanks for the response - somehow I missed it earlier.

The ability to have multiple formats would be great.
There has been some other similar discussion around using JWT as a normalized 
authentication token.
I'd like to dig into this ability and make sure it is accounted for in the 
current design.

I envision an hinit command for authentication that results in a protected 
(JWT) token file that can be used for authentication.
This is very much inline with dtutil - apart from the current token format.

There is a filter available for use with the UIs that accepts cookies with JWT 
tokens available in trunk. It leverages the nimbus library for JWT support.

So, can we talk about the ability to have different formats now or do we have 
to talk about adding the ability in a follow up to this?

Thanks again!

> Updated utility to create/modify token files
> --------------------------------------------
>
>                 Key: HADOOP-12563
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12563
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 3.0.0
>            Reporter: Allen Wittenauer
>            Assignee: Matthew Paduano
>         Attachments: HADOOP-12563.01.patch, HADOOP-12563.02.patch, 
> HADOOP-12563.03.patch, HADOOP-12563.04.patch, HADOOP-12563.05.patch, 
> HADOOP-12563.06.patch, example_dtutil_commands_and_output.txt, 
> generalized_token_case.pdf
>
>
> hdfs fetchdt is missing some critical features and is geared almost 
> exclusively towards HDFS operations.  Additionally, the token files that are 
> created use Java serializations which are hard/impossible to deal with in 
> other languages. It should be replaced with a better utility in common that 
> can read/write protobuf-based token files, has enough flexibility to be used 
> with other services, and offers key functionality such as append and rename. 
> The old version file format should still be supported for backward 
> compatibility, but will be effectively deprecated.
> A follow-on JIRA will deprecrate fetchdt.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to