[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15127368#comment-15127368 ] Jing Zhao commented on HADOOP-8779: --- Based on the discussion in HDFS-9184, should we continue the work

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15127374#comment-15127374 ] Li Lu commented on HADOOP-8779: --- Agreed. IIUC tokens generally represent authorizations. We may want to

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13486088#comment-13486088 ] Daryn Sharp commented on HADOOP-8779: - bq. This might work. isSecurityEnabled is

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13485527#comment-13485527 ] Kan Zhang commented on HADOOP-8779: --- bq. Even if we used SASL PLAIN, we would still

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13484127#comment-13484127 ] Daryn Sharp commented on HADOOP-8779: - bq. Even if we used SASL PLAIN, we would still

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13483342#comment-13483342 ] Daryn Sharp commented on HADOOP-8779: - I think we're starting to over-engineer the

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13483877#comment-13483877 ] Kan Zhang commented on HADOOP-8779: --- bq. I think we're starting to over-engineer the

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13482155#comment-13482155 ] Kan Zhang commented on HADOOP-8779: --- Just to clarify, IMO, a cluster may be configured

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13482330#comment-13482330 ] Daryn Sharp commented on HADOOP-8779: - bq. {quote}3. Remove all the conditionals from

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13482763#comment-13482763 ] Kan Zhang commented on HADOOP-8779: --- bq. That's not how the token routines are

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13481489#comment-13481489 ] Daryn Sharp commented on HADOOP-8779: - bq. The deeper issue is whether the client

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13481771#comment-13481771 ] Kan Zhang commented on HADOOP-8779: --- bq. I think we need to be clear on which client we

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13481914#comment-13481914 ] Daryn Sharp commented on HADOOP-8779: - bq. {quote} I've long considered whether job

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13479272#comment-13479272 ] Kan Zhang commented on HADOOP-8779: --- There could be connections that can be of either

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13478008#comment-13478008 ] Daryn Sharp commented on HADOOP-8779: - I believe you are misunderstanding the patch,

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13478331#comment-13478331 ] Kan Zhang commented on HADOOP-8779: --- On the server side, you can support both SIMPLE

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13478377#comment-13478377 ] Daryn Sharp commented on HADOOP-8779: - The RPC client will use DIGEST-MD5 if and only

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13478488#comment-13478488 ] Kan Zhang commented on HADOOP-8779: --- Well, the job client scenario is just an example.

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13477497#comment-13477497 ] Kan Zhang commented on HADOOP-8779: --- I agree the use of tokens for subsequent

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13456453#comment-13456453 ] Kan Zhang commented on HADOOP-8779: --- Actually HADOOP-8758 is supposed to be a small

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13452054#comment-13452054 ] Daryn Sharp commented on HADOOP-8779: - I don't mind what jargon we use. We'll call

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13451502#comment-13451502 ] Kan Zhang commented on HADOOP-8779: --- Firstly, delegation tokens are not authorizations;

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13450794#comment-13450794 ] Daryn Sharp commented on HADOOP-8779: - The security framework currently only uses

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13450834#comment-13450834 ] Vinod Kumar Vavilapalli commented on HADOOP-8779: - Authorization without

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13450887#comment-13450887 ] Daryn Sharp commented on HADOOP-8779: - bq. Authorization without authentication or,

[jira] [Commented] (HADOOP-8779) Use tokens regardless of authentication type

[ https://issues.apache.org/jira/browse/HADOOP-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13451135#comment-13451135 ] Aaron T. Myers commented on HADOOP-8779: I think it's a bit of a