falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ajay Yadava (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1027) Falcon REST API trusted proxy support
Date Thu, 03 Sep 2015 07:53:46 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14728640#comment-14728640
] 

Ajay Yadava commented on FALCON-1027:
-------------------------------------

Hi [~jbecicka2]

Currently release 0.7 is already under vote. We haven't yet decided what next release will
be(0.7.1/0.8/1.0) but we are targeting/hoping it in another 4-6 weeks from 0.7. This will
be committed soon to trunk (as Sowmya has mentioned) and will be part of next release whichever
that is. Hope it helps.



> Falcon REST API trusted proxy support
> -------------------------------------
>
>                 Key: FALCON-1027
>                 URL: https://issues.apache.org/jira/browse/FALCON-1027
>             Project: Falcon
>          Issue Type: New Feature
>    Affects Versions: 0.7
>            Reporter: kenneth ho
>            Assignee: Sowmya Ramesh
>             Fix For: trunk
>
>         Attachments: ApacheFalcon-Proxyusersupport.pdf, FALCON-1027.v0.patch, FALCON-1027.v1.patch,
FALCON-1027.v2.patch
>
>
> In order for Falcon REST API to work securely via the Knox gateway it must be possible
to setup a trust relationship between Knox and Falcon. This is commonly done in other Hadoop
ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter.
This provides a mechanism for Falcon to strongly authenticate Knox as a trusted proxy, ensuring
that it can trust the identity assertions made via the doas query parameter. The links below
provide some information describing how this is done for core Hadoop. Also note that most
components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message