[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481954#comment-13481954 ]

Kan Zhang commented on HADOOP-8779:
-----------------------------------

bq. 3. Remove all the conditionals from the filesystems for whether tokens can 
be acquired and/or used

I'm not sure this should be done, since the filesystem still needs to decide 
whether a token can be issued based on whether the client is authenticated 
using the configured initial auth method.

bq. 4. Always submit jobs with tokens

I think this is where we have differences. In my view, when SIMPLE + SIMPLE is 
configured, there should be no tokens issued or submitted (as it is today).

bq. you formerly agreed this was worthwhile: "Robert Joseph Evans and Daryn 
Sharp, I agree we should allow SIMPLE auth to be coupled with tokens." Has your 
position changed?

No. We should allow SIMPLE to be paired with tokens. But that doesn't mean 
SIMPLE should always be paired with tokens. In particular, when SIMPLE is 
paired with SIMPLE on a given installation (configuration), we want to avoid 
the overhead of using tokens.
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.
