[ 
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484127#comment-13484127
 ] 

Daryn Sharp commented on HADOOP-8779:
-------------------------------------

bq. Even if we used SASL PLAIN, we would still have to differentiate between 
PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager. In 
particular, when PLAIN is configured, it shouldn't trigger the 
isSecurityEnabled code path.

I'm making {{isSecurityEnabled}} mean SASL is being used.  SIMPLE doesn't 
change at all and doesn't use tokens, while PLAIN means security is enabled and 
tokens are required for internal auth.

bq. (Re: Multiple internal auths) We need to support at least 2, SIMPLE and 
TOKEN. I've said that repeatedly, I hope this time it gets to you. :)

There's no debate, we already are and have in completely agreement.  In these 
jiras you've hinted at selectable internal auths, so all I meant to clarify is 
security (!SIMPLE) for internal auth is token, SIMPLE is SIMPLE which is why 
I've chosen the PLAIN route.
                
> Use tokens regardless of authentication type
> --------------------------------------------
>
>                 Key: HADOOP-8779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8779
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).  
> Authorization may be granted independently of the authentication model.  
> Tokens should be used regardless of simple or kerberos authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to