[
https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485527#comment-13485527
]
Kan Zhang commented on HADOOP-8779:
-----------------------------------
bq. Even if we used SASL PLAIN, we would still have to differentiate between
PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager.
Sorry, my above comment should read "... differentiate between PLAIN and
Kerberos, ...", since I was talking about initial auth methods.
bq. I'm making isSecurityEnabled mean SASL is being used. SIMPLE doesn't change
at all and doesn't use tokens, while PLAIN means security is enabled and tokens
are required for internal auth.
This might work. isSecurityEnabled is extensively used in the code base. Pls
make sure the new semantics fits in all cases (especially where it might be
used to mean "Kerberos is enabled").
> Use tokens regardless of authentication type
> --------------------------------------------
>
> Key: HADOOP-8779
> URL: https://issues.apache.org/jira/browse/HADOOP-8779
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs, security
> Affects Versions: 3.0.0, 2.0.2-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
>
> Security is a combination of authentication and authorization (tokens).
> Authorization may be granted independently of the authentication model.
> Tokens should be used regardless of simple or kerberos authentication.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
