hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14640) Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation
Date Thu, 13 Jul 2017 16:43:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085974#comment-16085974
] 

Jitendra Nath Pandey commented on HADOOP-14640:
-----------------------------------------------

[~snayak], the only concern I have is that token parsing makes this code tightly coupled with
the token format. In other words, if the token format changes this code will break, and, it
is not easy to have client and server upgrade at the same time. Effectively, any token format
change will become an incompatible change and hence unacceptable in a minor release.
  Do you believe, in this case token format is unlikely to change until next major release?

As you rightly pointed out, that because of time differences in machines there is a possibility
of using expired tokens, even with proactivity of 5 mins. Therefore, a retry is desirable,
but that can be done as an improvement in a later jira. 

Thanks for fixing other issues.

> Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth
cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>              Labels: security
>         Attachments: HADOOP-14640.1.patch, HADOOP-14640.2.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma separated list
of URLs for authorization, SASKey generation and delegation token generation.
> To improve the performance, if service runs on the local machine, give it first preference
over the other configured list of URLs. 
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for every request
by talking to the remote service, before making actual rest requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests from same
{{WasbRemoteCallHelper}} object until its expiry time. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message