[jira] [Commented] (HADOOP-9926) Authentication specific login implementation in separate class from UGI

Thu, 12 Sep 2013 23:00:16 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766085#comment-13766085
 ] 

Kai Zheng commented on HADOOP-9926:
-----------------------------------

Alejandro,

bq. we implement a SimpleLoginModule for unsecure auth and for Kerberos we just 
use the one provided by the JDK?
For unsecure auth, current codes already used an OS specific login module, like 
LinuxLoginModule, NTLoginModule and etc.
The concern is, for each authentication method UGI defines, we might need more 
than one JAAS login modules to handle, as current UGI does. That's why we 
introduce HadoopLoginConfiguration to manage that. Regarding loading the 
configuration and login implementation according to the desired authentication, 
the patch has codes like below:
{code}
+        String confName = authenticationMethod.getLoginAppName();
+        HadoopLogin login = HadoopLoginManager.createHadoopLogin(confName);
+        login.login();
{code}
How would you like this? Thanks.
                
> Authentication specific login implementation in separate class from UGI
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-9926
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9926
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>         Attachments: HADOOP-9926.patch
>
>
> As discussed in HADOOP-9797, we would improve UGI class in incremental 
> patches. This issue covers the following in the patch that will be attached 
> for this issue:
>  
> * HadoopLogin is an interface, and AbstractHadoopLogin is the abstract 
> implementation for it, to define the API and common implementation for 
> various login mechanisms, not just for JAAS based. 
> * Login implementation details, are removed from UGI and wrapped in concrete 
> HadoopLogin implementations like SimpleAuthnLogin, UserKerberosLogin and 
> KeytabKerberosLogin, which will be simply employed by appropriate UGI login 
> related methods to do the login work. 
> * The login result can be returned via getSubject() for now from the 
> HadoopLogin interface, and UGI can call it to get the result. The result is 
> then wrapped in a UGI object.
> * For Kerberos part, we might cover it in another JIRA since the change is 
> big.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to