[ https://issues.apache.org/jira/browse/HADOOP-9840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730815#comment-13730815 ]
Daryn Sharp commented on HADOOP-9840: ------------------------------------- This appears to be further locking in that a UGI may have one and only one login identity by using auth-specific subclasses of User. If so, that poses a problem for a client that needs multiple login credentials for a heterogenous security env (ie. kerberos + hsso). > Improve User class for UGI and decouple it from Kerberos > -------------------------------------------------------- > > Key: HADOOP-9840 > URL: https://issues.apache.org/jira/browse/HADOOP-9840 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Kai Zheng > Assignee: Kai Zheng > Priority: Minor > Labels: Rhino > Attachments: HADOOP-9840.patch, HADOOP-9840.patch > > > As discussed in HADOOP-9797, it would be better to improve UGI incrementally. > Open this JIRA to improve User class to: > * Make it extensible as a base class, then can have subclasses like > SimpleUser for Simple authn, KerberosUser for Kerberos authn, > IdentityTokenUser for TokenAuth (in future), and etc. > * Decouple it from Kerberos. > * Refactor UGI class safely, move testing related codes out of it. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira