[ 
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13478488#comment-13478488
 ] 

Kan Zhang commented on HADOOP-8779:
-----------------------------------

Well, the job client scenario is just an example. The deeper issue is whether 
the client should make its decision on what auth method to use based on 
configuration, or on what credentials are currently available. I think the 
former is better and easier to reason. If the required credentials are not 
available, it should complain rather than automatically switch to make a 
different type of connection (a task switching from token to SIMPLE would 
defeat your testing purpose). Using credential precedence may work in simpler 
scenarios (like we had before), but may not work well when more combinations of 
initial and subsequent auth methods need to be supported.
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to