hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10769) Add getDelegationToken() method to KeyProvider
Date Wed, 02 Jul 2014 21:53:26 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050763#comment-14050763 ]

Larry McCay commented on HADOOP-10769:
--------------------------------------

Hi [~atm] - That intent seems more reasonable to me but I can't say that I completely understand
the mechanics there. The crypto extension provides wrapped key functionality by providing
the implementation for it that can be used across all providers. How would we make this only
for the KMSClientKeyProvider without adding it to the key provider interface? Would it be
up to the consumer of the keyprovider to know whether to wrap it with the extension and to
call the getDelegationToken method or not? What happens if you wrap another provider type
with the extension and call it?

This is the sort of "what other options do we have" discussion that I was hoping to have here.

> Add getDelegationToken() method to KeyProvider
> ----------------------------------------------
>
>                 Key: HADOOP-10769
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10769
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>
> The KeyProvider API needs to return delegation tokens to enable access to the KeyProvider from processes without Kerberos credentials (i.e., Yarn containers).
> This is required for HDFS encryption and KMS integration.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
