[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13450834#comment-13450834 ]

Vinod Kumar Vavilapalli commented on HADOOP-8779:
-------------------------------------------------

Authorization without authentication or, in other words, allowing access to 
resources to users without knowing who they really are, doesn't make much 
sense. But if you call it "simple auth" instead of "security off", it 
becomes meaningful. Arguably I am just debating semantics here.

bq. The security framework currently only uses tokens for authz if and only if 
kerberos is the auth method.
Kerberos and digest? To address your needs, you can use DIGEST auth-method?

That said, I agree that decoupling them will help a bit. In MR code, e.g., 
we always maintained a separate authorization flag for queue- and job-level ACLs.
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.2.0-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
