[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483877#comment-13483877 ]
Kan Zhang commented on HADOOP-8779:
-----------------------------------

bq. I think we're starting to over-engineer the issue at hand and bleeding requirements for other jiras like HADOOP-8758 into the design.

I don't feel that way. I would have made the same comments and suggestions even if our goal was to simply enable SIMPLE + TOKEN without the perspective of adding any new auth method (ex., TOKEN + TOKEN, which is the goal of HADOOP-8758) in the future. To pair tokens with more than one initial auth method isn't trivial. Otherwise, we would have done it in the first implementation of tokens. As I said earlier, the main work of HADOOP-8758 is actually about removing the tight coupling of Kerberos with tokens, and not about adding new auth methods. But you wanted to do it in this JIRA. Hope you didn't regret it. :-)

bq. I feel we have become excessively bogged down trying to support SIMPLE with tokens (my initial goal) and w/o tokens (your goal).

SIMPLE w/o tokens is currently supported and I think there is value in continuing to support it. I'm sorry if this work turns out to be more than what you planned, but we should try to enable/optimize Hadoop for more use cases rather than less, right?

bq. A far simpler approach is supporting SASL's PLAIN mechanism. It's basically hadoop's SIMPLE, but within the context of SASL. The end result is that PLAIN will trigger all the isSecurityEnabled code w/o changing any of the behavior of SIMPLE. The change becomes almost trivial because I won't have to touch the security conditionals in filesystems, mr, or yarn.

The reason why we didn't use SASL's PLAIN mechanism is we didn't want to pay the overhead of SASL when security is turned off. But it is irrelevant here. Even if we used SASL PLAIN, we would still have to differentiate between PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager. In particular, when PLAIN is configured, it shouldn't trigger the isSecurityEnabled code path.

bq. I don't feel we need to ponder multiple internal auths

We need to support at least 2, SIMPLE and TOKEN. I've said that repeatedly, I hope this time it gets to you. :-)

Btw, I don't have bandwidth to respond to you on a daily basis (as I have done in the past few days). I apologize if my responses appear to be a little slow. And I wasn't able to provide comments on subtasks HADOOP-8783 and HADOOP-8784 before they were committed. They escaped my radar since their titles didn't sound like they were related to this JIRA. I thought they were mere "improvements", not behavior-changing patches. :-)

> Use tokens regardless of authentication type
> --------------------------------------------
>
> Key: HADOOP-8779
> URL: https://issues.apache.org/jira/browse/HADOOP-8779
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs, security
> Affects Versions: 3.0.0, 2.0.2-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).
> Authorization may be granted independently of the authentication model.
> Tokens should be used regardless of simple or kerberos authentication.