[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13451502#comment-13451502 ]
Kan Zhang commented on HADOOP-8779: ----------------------------------- Firstly, delegation tokens are not authorizations; they are just credentials to be used with some authentication method (DIGEST-MD5 in this case). There could be many ways to set up the credentials to be used with DIGEST-MD5. Hence, we have many different delegation token implementations (SecretManagers) in Hadoop. But currently only a single type of delegation tokens (to be used with DIGEST-MD5 as the internal auth method) can be used for a particular service and it is tightly coupled with Kerberos as the only external auth method. HADOOP-8758 is opened to support DIGEST-MD5 as an external auth method (with potentially many different types of tokens to be used with it). See my comment in HADOOP-8758 for explanation on external vs. internal auth methods. Secondly, this JIRA is not needed; it is already assumed by HADOOP-8758. The decoupling of Kerberos from existing delegation token implementations (used with DIGEST-MD5 as internal auth method) has to be done before adding DIGEST-MD5 as an external auth method. Once decoupling is done, auth methods other than DIGEST-MD5 (including SIMPLE auth) should also be configurable as external auth methods. > Use tokens regardless of authentication type > -------------------------------------------- > > Key: HADOOP-8779 > URL: https://issues.apache.org/jira/browse/HADOOP-8779 > Project: Hadoop Common > Issue Type: New Feature > Components: fs, security > Affects Versions: 3.0.0, 2.0.2-alpha > Reporter: Daryn Sharp > Assignee: Daryn Sharp > > Security is a combination of authentication and authorization (tokens). > Authorization may be granted independently of the authentication model. > Tokens should be used regardless of simple or kerberos authentication. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira