hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12563) Updated utility to create/modify token files
Date Fri, 15 Jan 2016 00:06:39 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15099171#comment-15099171
] 

Larry McCay commented on HADOOP-12563:
--------------------------------------

[~aw] - thanks for the response - somehow I missed it earlier.

The ability to have multiple formats would be great.
There has been some other similar discussion around using JWT as a normalized authentication
token.
I'd like to dig into this ability and make sure it is accounted for in the current design.

I envision an hinit command for authentication that results in a protected (JWT) token file
that can be used for authentication.
This is very much inline with dtutil - apart from the current token format.

There is a filter available for use with the UIs that accepts cookies with JWT tokens available
in trunk. It leverages the nimbus library for JWT support.

So, can we talk about the ability to have different formats now or do we have to talk about
adding the ability in a follow up to this?

Thanks again!

> Updated utility to create/modify token files
> --------------------------------------------
>
>                 Key: HADOOP-12563
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12563
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 3.0.0
>            Reporter: Allen Wittenauer
>            Assignee: Matthew Paduano
>         Attachments: HADOOP-12563.01.patch, HADOOP-12563.02.patch, HADOOP-12563.03.patch,
HADOOP-12563.04.patch, HADOOP-12563.05.patch, HADOOP-12563.06.patch, example_dtutil_commands_and_output.txt,
generalized_token_case.pdf
>
>
> hdfs fetchdt is missing some critical features and is geared almost exclusively towards
HDFS operations.  Additionally, the token files that are created use Java serializations which
are hard/impossible to deal with in other languages. It should be replaced with a better utility
in common that can read/write protobuf-based token files, has enough flexibility to be used
with other services, and offers key functionality such as append and rename. The old version
file format should still be supported for backward compatibility, but will be effectively
deprecated.
> A follow-on JIRA will deprecrate fetchdt.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message