[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481914#comment-13481914 ]

Daryn Sharp commented on HADOOP-8779:
-------------------------------------

bq. I've long considered whether job submission should set a conf key 
that forces a task to only use tokens which is what I think you are also 
suggesting.

bq. For example, the job client upper layer could decide on which auth method 
to use and tell RPC client to use that, or it could just pass to the RPC client 
the connection type (initial or subsequent) and let RPC client choose the right 
auth method.

I think we might be in violent agreement...?

bq. I think we should agree on the overall design and what behaviors are 
supported at each piece, at least at a high-level, before making changes to any 
of them

The design is rather simple at a high level.  I'll write up a doc if this isn't 
clear, or a good basis for discussion:
# Allow tokens to be issued for any non-token authentication (SIMPLE/KERBEROS/etc) method
# Allow clients to use said tokens for subsequent connections
# Remove all the conditionals from the filesystems for whether tokens can be acquired and/or used
# Always submit jobs with tokens
#* maybe controlled via a conf setting, would prefer no setting to reduce code complexity
#* add a conf key to the job conf that instructs the task's RPC client that it must use tokens

Everything is already in place within the RPC layer to support tokens with any 
auth if a secret manager is enabled.  Hence, HDFS-4056 is attempting to 
activate the secret manager which places us between steps 2 & 3.

Removing the conditionals in the filesystems doesn't mandate tokens with SIMPLE 
auth, but allows them to be used if the job client requests them.  Step 4 is 
where we decide when and if tokens are required.

bq. For example, if we agree on supporting SIMPLE + SIMPLE, HDFS-4056 is not 
needed.

In 
https://issues.apache.org/jira/browse/HADOOP-8758?focusedCommentId=13448518&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13448518,
 you formerly agreed this was worthwhile:  "Robert Joseph Evans and Daryn 
Sharp, I agree we should allow SIMPLE auth to be coupled with tokens."  Has 
your position changed?
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.
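
The token flow from steps 1, 2 and 4 of the comment above, as a small Python model added here (not Hadoop code and not written by the commenter). The conf key name, the HMAC-based token format and the fail-closed behaviour when a required token is missing are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Mapping, Optional

# Hypothetical job-conf key for step 4; the comment does not name one.
REQUIRE_TOKENS_KEY = "example.task.rpc.require-tokens"

class Auth(Enum):
    SIMPLE = "SIMPLE"
    KERBEROS = "KERBEROS"
    TOKEN = "TOKEN"

@dataclass(frozen=True)
class Token:
    owner: str
    issued_via: Auth  # non-token method used on the initial connection
    mac: str

class SecretManager:
    """Server side: issues tokens (step 1) and verifies them (step 2)."""
    def __init__(self) -> None:
        self._key = os.urandom(32)

    def _mac(self, owner: str, via: Auth) -> str:
        msg = f"{owner}|{via.value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, owner: str, conn_auth: Auth) -> Token:
        if conn_auth is Auth.TOKEN:
            raise PermissionError("tokens are issued only over non-token auth")
        return Token(owner, conn_auth, self._mac(owner, conn_auth))

    def verify(self, tok: Token) -> bool:
        return hmac.compare_digest(tok.mac, self._mac(tok.owner, tok.issued_via))

def choose_auth(conf: Mapping[str, str], configured: Auth,
                token: Optional[Token]) -> Auth:
    """Client side: pick the auth method for one RPC connection."""
    if token is not None:
        return Auth.TOKEN  # step 2: subsequent connections use the token
    if conf.get(REQUIRE_TOKENS_KEY, "false") == "true":
        # step 4: a task told to use tokens must fail, not fall back
        raise LookupError("job conf requires a token but none is available")
    return configured  # initial connection: SIMPLE, KERBEROS, etc.
```

In this model a token is issued the same way whether the initial connection used SIMPLE or KERBEROS, which is the property the issue title asks for.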
