falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Becicka (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1027) Falcon REST API trusted proxy support
Date Thu, 16 Jul 2015 10:43:05 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14629541#comment-14629541
] 

Jan Becicka commented on FALCON-1027:
-------------------------------------

Can I ask for evaluation of this issue? Any time estimates? Fix version is 0.6, but it does
not seem to be valid.


> Falcon REST API trusted proxy support
> -------------------------------------
>
>                 Key: FALCON-1027
>                 URL: https://issues.apache.org/jira/browse/FALCON-1027
>             Project: Falcon
>          Issue Type: Bug
>    Affects Versions: 0.6
>            Reporter: kenneth ho
>             Fix For: 0.6
>
>
> In the Dal timeframe Knox would like to be able to expose the Falcon REST API via the
gateway. In order for that to work securely it must be possible to setup a trust relationship
between Knox and Falcon. This is commonly done in other Hadoop ecosystem components using
a combination of Kerberos/SPNego and a doas URL query parameter. This provides a mechanism
for Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can trust the
identity assertions made via the doas query parameter. The links below provide some information
describing how this is done for core Hadoop. Also note that most components utilize Hadoop
core's reusable hadoop-auth module to implement this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message