Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9392 Token based authentication and Single Sign On
  3. HADOOP-9797

Pluggable and compatible UGI change

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security

    Description

      As already widely discussed current UGI related classes needs to be improved in many aspects. This is to improve and make UGI so that it can be:

      • Pluggable, new authentication method with its login module can be dynamically registered and plugged without having to change the UGI class;
      • Extensible, login modules with their options can be dynamically extended and customized so that can be reusable elsewhere, like in TokenAuth;
      • No Kerberos relevant, remove any Kerberos relevant functionalities out of it to make it simple and suitable for other login mechanisms;
      • Of appropriate abstraction and API, with improved abstraction and API it’s possible to allow authentication implementations not using JAAS modules;
      • Compatible, should be compatible with previous deployment and authentication methods, so the existing APIs won’t be removed and some of them are just to be deprecated.

      Attachments

        1. HADOOP-9797-v3.patch
          134 kB
          Kai Zheng
        2. HADOOP-9797-v2.patch
          132 kB
          Kai Zheng
        3. Pluggable and Compatible UGI Change.pdf
          734 kB
          Kai Zheng
        4. HADOOP-9797-v1.patch
          98 kB
          Kai Zheng

        Issue Links

          contains

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-9927 USER_KERBEROS_LOGIN in UGI should use Krb5LoginModule as REQUIRED, instead of OPTIONAL

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9841 Manageable login configuration and options for UGI

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9926 Authentication specific login implementation in separate class from UGI

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9947 Remove Kerberos specific login implementation out of UGI into separate class

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9975 Adding relogin() method to UGI

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9925 Remove groups static and testing related codes out of UGI class

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9840 Improve User class for UGI and decouple it from Kerberos

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Patch Available

          Test - A new unit, integration or system test. HADOOP-9943 Adding ticket cache login test for UGI by using MiniKdc

          • Major - Major loss of function.
          • Open

          Test - A new unit, integration or system test. HADOOP-9942 Adding keytab login test for UGI using MiniKdc

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Patch Available
          relates to

          Sub-task - The sub-task of the issue HADOOP-9852 UGI login user keytab and principal should not be static

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              drankye Kai Zheng
              drankye Kai Zheng
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated: