[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484127#comment-13484127 ]
Daryn Sharp commented on HADOOP-8779: ------------------------------------- bq. Even if we used SASL PLAIN, we would still have to differentiate between PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager. In particular, when PLAIN is configured, it shouldn't trigger the isSecurityEnabled code path. I'm making {{isSecurityEnabled}} mean SASL is being used. SIMPLE doesn't change at all and doesn't use tokens, while PLAIN means security is enabled and tokens are required for internal auth. bq. (Re: Multiple internal auths) We need to support at least 2, SIMPLE and TOKEN. I've said that repeatedly, I hope this time it gets to you. :) There's no debate, we already are and have in completely agreement. In these jiras you've hinted at selectable internal auths, so all I meant to clarify is security (!SIMPLE) for internal auth is token, SIMPLE is SIMPLE which is why I've chosen the PLAIN route. > Use tokens regardless of authentication type > -------------------------------------------- > > Key: HADOOP-8779 > URL: https://issues.apache.org/jira/browse/HADOOP-8779 > Project: Hadoop Common > Issue Type: New Feature > Components: fs, security > Affects Versions: 3.0.0, 2.0.2-alpha > Reporter: Daryn Sharp > Assignee: Daryn Sharp > > Security is a combination of authentication and authorization (tokens). > Authorization may be granted independently of the authentication model. > Tokens should be used regardless of simple or kerberos authentication. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira