[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13450887#comment-13450887 ]

Daryn Sharp commented on HADOOP-8779:
-------------------------------------

bq. Authorization without authentication or, in other words, allowing access to 
resources to users without knowing who they really are - doesn't make much 
sense. But if you call it as "simple auth" instead of "security off", it 
becomes meaningful. Arguably I am just debating semantics here.

No debate, I fully agree it should be considered "simple auth".  I used 
'security "off"' because it's a misnomer.  I look at it as going to a private 
party and needing a key (token) to open the door (service).  I can either tell the 
guard who I am and he trusts me (simple auth) or I can present a secure picture 
id (kerberos).  However I get the key (token), I'm only authorized to unlock 
certain doors (services) after that point.

bq. To address your needs, you can use DIGEST auth-method?

Yes.  I'm allowing a server configured for simple auth to:
# Grant tokens if requested - server currently will not
# Validate tokens if presented via sasl DIGEST - server currently kicks the 
client out of sasl into simple auth
# Continue to allow a simple auth client to only use simple auth in order to 
preserve backwards compat with older clients

                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.2.0-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
