[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485527#comment-13485527 ]
Kan Zhang commented on HADOOP-8779: ----------------------------------- bq. Even if we used SASL PLAIN, we would still have to differentiate between PLAIN and DIGEST-MD5, so that NN knows when to start its SecretManager. Sorry, my above comment should read "... differentiate between PLAIN and Kerberos, ...", since I was talking about initial auth methods. bq. I'm making isSecurityEnabled mean SASL is being used. SIMPLE doesn't change at all and doesn't use tokens, while PLAIN means security is enabled and tokens are required for internal auth. This might work. isSecurityEnabled is extensively used in the code base. Pls make sure the new semantics fits in all cases (especially where it might be used to mean "Kerberos is enabled"). > Use tokens regardless of authentication type > -------------------------------------------- > > Key: HADOOP-8779 > URL: https://issues.apache.org/jira/browse/HADOOP-8779 > Project: Hadoop Common > Issue Type: New Feature > Components: fs, security > Affects Versions: 3.0.0, 2.0.2-alpha > Reporter: Daryn Sharp > Assignee: Daryn Sharp > > Security is a combination of authentication and authorization (tokens). > Authorization may be granted independently of the authentication model. > Tokens should be used regardless of simple or kerberos authentication. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira