falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Kaspar (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Deleted] (FALCON-1027) Falcon REST API trusted proxy support
Date Wed, 02 Sep 2015 12:37:45 GMT

     [ https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Kaspar updated FALCON-1027:
---------------------------------
    Comment: was deleted

(was: Hi,

I am on vacation until September 1st, 2015.

If you need any immediate assistance, please, contact my manager Martin Ryzl (martin.ryzl@merck.com).
Otherwise I will get back to you when I return.

Thanks,
  David

Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (2000 Galloping Hill Road, Kenilworth,
New Jersey, USA 07033), and/or its affiliates Direct contact information
for affiliates is available at 
http://www.merck.com/contact/contacts.html) that may be confidential,
proprietary copyrighted and/or legally privileged. It is intended solely
for the use of the individual or entity named on this message. If you are
not the intended recipient, and have received this message in error,
please notify us immediately by reply e-mail and then delete it from 
your system.
)

> Falcon REST API trusted proxy support
> -------------------------------------
>
>                 Key: FALCON-1027
>                 URL: https://issues.apache.org/jira/browse/FALCON-1027
>             Project: Falcon
>          Issue Type: New Feature
>    Affects Versions: 0.7
>            Reporter: kenneth ho
>            Assignee: Sowmya Ramesh
>         Attachments: ApacheFalcon-Proxyusersupport.pdf, FALCON-1027.v0.patch, FALCON-1027.v1.patch,
FALCON-1027.v2.patch
>
>
> In order for Falcon REST API to work securely via the Knox gateway it must be possible
to setup a trust relationship between Knox and Falcon. This is commonly done in other Hadoop
ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter.
This provides a mechanism for Falcon to strongly authenticate Knox as a trusted proxy, ensuring
that it can trust the identity assertions made via the doas query parameter. The links below
provide some information describing how this is done for core Hadoop. Also note that most
components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message