hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anandsagar Kothapalli (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14579) Azure: Add Kerberos and Delegation token support to ADLS client.
Date Fri, 23 Jun 2017 00:41:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anandsagar Kothapalli updated HADOOP-14579:
-------------------------------------------
    Description: 
Current implementation of Azure storage client for Hadoop ({{ADLS}}) does not support Kerberos
Authentication and FileSystem authorization, which makes it unusable in secure environments
with multi user setup. 
To make {{ADLS}} client more suitable to run in Secure environments, HADOOP-14565 is under
way for providing the authorization and fine grained access control support.

This JIRA is created to add Kerberos and delegation token support to {{ADLS}} client to fetch
Azure Storage SAS keys, which provides fine grained timed access to containers and blobs.

For delegation token management, the proposal is it use the same REST service which being
used to generate the SAS Keys.

  was:
Current implementation of Azure storage client for Hadoop ({{WASB}}) does not support Kerberos
Authentication and FileSystem authorization, which makes it unusable in secure environments
with multi user setup. 
To make {{WASB}} client more suitable to run in Secure environments, there are 2 initiatives
under way for providing the authorization (HADOOP-13930) and fine grained access control (HADOOP-13863)
support.

This JIRA is created to add Kerberos and delegation token support to {{WASB}} client to fetch
Azure Storage SAS keys (from Remote service as discussed in HADOOP-13863), which provides
fine grained timed access to containers and blobs. 
For delegation token management, the proposal is it use the same REST service which being
used to generate the SAS Keys.


> Azure: Add Kerberos and Delegation token support to ADLS client.
> ----------------------------------------------------------------
>
>                 Key: HADOOP-14579
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14579
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Anandsagar Kothapalli
>            Assignee: Santhosh G Nayak
>             Fix For: 2.9.0, 3.0.0-alpha4
>
>
> Current implementation of Azure storage client for Hadoop ({{ADLS}}) does not support
Kerberos Authentication and FileSystem authorization, which makes it unusable in secure environments
with multi user setup. 
> To make {{ADLS}} client more suitable to run in Secure environments, HADOOP-14565 is
under way for providing the authorization and fine grained access control support.
> This JIRA is created to add Kerberos and delegation token support to {{ADLS}} client
to fetch Azure Storage SAS keys, which provides fine grained timed access to containers and
blobs. 
> For delegation token management, the proposal is it use the same REST service which being
used to generate the SAS Keys.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message