[ 
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483877#comment-13483877
 ] 

Kan Zhang commented on HADOOP-8779:
-----------------------------------

bq. I think we're starting to over-engineer the issue at hand and bleeding 
requirements for other jiras like HADOOP-8758 into the design.

I don't feel that way. I would have made the same comments and suggestions even 
if our goal was to simply enable SIMPLE + TOKEN without the perspective of 
adding any new auth method (e.g., TOKEN + TOKEN, which is the goal of 
HADOOP-8758) in the future. To pair tokens with more than one initial auth 
method isn't trivial. Otherwise, we would have done it in the first 
implementation of tokens. As I said earlier, the main work of HADOOP-8758 is 
actually about removing the tight coupling of Kerberos with tokens, and not 
about adding new auth methods. But you wanted to do it in this JIRA. Hope you 
didn't regret it. :-)

bq. I feel we have become excessively bogged down trying to support SIMPLE 
with tokens (my initial goal) and w/o tokens (your goal).

SIMPLE w/o tokens is currently supported and I think there is value in 
continuing to support it. I'm sorry if this work turns out to be more than what you 
planned, but we should try to enable/optimize Hadoop for more use cases rather 
than less, right?

bq. A far simpler approach is supporting SASL's PLAIN mechanism. It's basically 
hadoop's SIMPLE, but within the context of SASL. The end result is that PLAIN 
will trigger all the isSecurityEnabled code w/o changing any of the behavior of 
SIMPLE. The change becomes almost trivial because I won't have to touch the 
security conditionals in filesystems, mr, or yarn.

The reason why we didn't use SASL's PLAIN mechanism is we didn't want to pay 
the overhead of SASL when security is turned off. But it is irrelevant here. 
Even if we used SASL PLAIN, we would still have to differentiate between PLAIN 
and DIGEST-MD5, so that NN knows when to start its SecretManager. In 
particular, when PLAIN is configured, it shouldn't trigger the 
isSecurityEnabled code path.

bq. I don't feel we need to ponder multiple internal auths

We need to support at least 2, SIMPLE and TOKEN. I've said that repeatedly; I 
hope this time it gets to you. :-)

Btw, I don't have bandwidth to respond to you on a daily basis (as I have done 
in the past few days). I apologize if my responses appear to be a little slow. 
And I wasn't able to provide comments on subtasks HADOOP-8783 and HADOOP-8784 
before they were committed. They escaped my radar since their titles didn't 
sound like they were related to this JIRA. I thought they were mere 
"improvements", not behavior-changing patches. :-)
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.
