[
https://issues.apache.org/jira/browse/HADOOP-9840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730815#comment-13730815
]
Daryn Sharp commented on HADOOP-9840:
-------------------------------------
This appears to be further locking in that a UGI may have one and only one
login identity by using auth-specific subclasses of User. If so, that poses a
problem for a client that needs multiple login credentials for a heterogenous
security env (ie. kerberos + hsso).
> Improve User class for UGI and decouple it from Kerberos
> --------------------------------------------------------
>
> Key: HADOOP-9840
> URL: https://issues.apache.org/jira/browse/HADOOP-9840
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Priority: Minor
> Labels: Rhino
> Attachments: HADOOP-9840.patch, HADOOP-9840.patch
>
>
> As discussed in HADOOP-9797, it would be better to improve UGI incrementally.
> Open this JIRA to improve User class to:
> * Make it extensible as a base class, then can have subclasses like
> SimpleUser for Simple authn, KerberosUser for Kerberos authn,
> IdentityTokenUser for TokenAuth (in future), and etc.
> * Decouple it from Kerberos.
> * Refactor UGI class safely, move testing related codes out of it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
