falcon-dev mailing list archives

From "kenneth ho (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FALCON-1027) Falcon REST API trusted proxy support
Date Sun, 15 Feb 2015 21:07:12 GMT
kenneth ho created FALCON-1027:
----------------------------------

             Summary: Falcon REST API trusted proxy support
                 Key: FALCON-1027
                 URL: https://issues.apache.org/jira/browse/FALCON-1027
             Project: Falcon
          Issue Type: Bug
    Affects Versions: 0.6
            Reporter: kenneth ho
             Fix For: 0.6


In the Dal timeframe Knox would like to be able to expose the Falcon REST API via the gateway.
In order for that to work securely it must be possible to set up a trust relationship between
Knox and Falcon. This is commonly done in other Hadoop ecosystem components using a combination
of Kerberos/SPNEGO and a doas URL query parameter. This provides a mechanism for Falcon to
strongly authenticate Knox as a trusted proxy, ensuring that it can trust the identity assertions
made via the doas query parameter. The links below provide some information describing how
this is done for core Hadoop. Also note that most components utilize Hadoop core's reusable
hadoop-auth module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
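
The trust decision the issue describes, as an added sketch that is not part of the original message and is not Falcon or hadoop-auth code: the caller's identity comes only from Kerberos/SPNEGO, and the doas value is honoured only if that caller is a configured proxy, connects from an allowed host, and names a user in an allowed group. The names `PROXY_RULES`, `USER_GROUPS` and `effective_user`, the sample policy, the addresses and the `/api/example` path are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, urlsplit

@dataclass(frozen=True)
class ProxyRule:
    hosts: tuple        # networks the proxy may connect from
    groups: frozenset   # groups whose members it may impersonate

# Constructed sample policy and group mapping (assumptions for this example).
PROXY_RULES = {"knox": ProxyRule(("10.0.0.0/24",), frozenset({"analysts"}))}
USER_GROUPS = {"alice": {"analysts"}, "hdfs": {"supergroup"}}

class Forbidden(Exception):
    """Raised when an identity assertion must not be honoured."""

def effective_user(authenticated_user, remote_addr, url):
    """Return the user the request runs as, or raise Forbidden.

    authenticated_user is the short name already proven by Kerberos/SPNEGO;
    only the doas value comes from the (untrusted) URL.
    """
    # Match the parameter name case-insensitively and keep blank values so
    # "doAs=" or a duplicated parameter cannot slip past the check.
    doas = [v for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)
            if k.lower() == "doas"]
    if not doas:
        return authenticated_user            # no impersonation requested
    if len(doas) != 1 or not doas[0].strip():
        raise Forbidden("empty or repeated doas parameter")
    target = doas[0]
    rule = PROXY_RULES.get(authenticated_user)
    if rule is None:
        raise Forbidden(f"{authenticated_user} is not a trusted proxy")
    if not any(ip_address(remote_addr) in ip_network(n) for n in rule.hosts):
        raise Forbidden(f"{remote_addr} is not an allowed proxy host")
    if not USER_GROUPS.get(target, set()) & rule.groups:
        raise Forbidden(f"{authenticated_user} may not impersonate {target}")
    return target

if __name__ == "__main__":
    for caller, addr, url in [("knox", "10.0.0.7", "/api/example?doas=alice"),
                              ("someuser", "10.0.0.7", "/api/example?doas=alice")]:
        try:
            print(caller, "->", effective_user(caller, addr, url))
        except Forbidden as exc:
            print(caller, "-> 403:", exc)
```
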
