[jira] Commented: (HADOOP-1701) Provide a simple authentication service and a user management service

Tue, 21 Aug 2007 16:18:51 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12521633
 ] 

Owen O'Malley commented on HADOOP-1701:
---------------------------------------

1. Please don't use WritableFactory. ReflectionUtils.newInstance() is the 
preferred interface.
2. What would be the usage of Ticket.getSubject() ?
3. I think that Ticket.getPrincipal() should be getTarget() to be clear about 
which Principal is returned.
4. I suspect that SecurityImpl should not be a public class.
5. I think that we should support a single mechanism to get the username. It 
looks like you are planning on a two level structure.

> Provide a simple authentication service and a user management service
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop
>          Issue Type: New Feature
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>         Attachments: 1701_20070821framework.patch
>
>
> In HADOOP-1298, we want to add user information and permission to the file 
> system.  It requires an authentication service and a user management service. 
>  We should provide a framework and a simple implementation in issue and 
> extend it later.  As discussed in HADOOP-1298, the framework should be 
> extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. 
> map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram 
> borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the 
> mechanism of HAC is very simple, it keeps track a list of usernames (we only 
> support users, will work on other principals later) in HAC and verify 
> username in user login (yeah, no password).  HAC can run inside NameNode or 
> run as a stand alone server.   We will probably use Kerberos to provide more 
> sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to