hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7295) Support arbitrary max expiration times for delegation token
Date Mon, 27 Oct 2014 14:40:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14185194#comment-14185194
] 

Steve Loughran commented on HDFS-7295:
--------------------------------------

# there are the wants and needs of the ops teams to consider too. They may consider an arbitrary
duration of an HDFS kerberos token to be too long, because it means that any stolen token
can be used forever. Hence the limits today. 
# If ops teams can specify a finite limit then long lived services do have to deal with that
limit
# the other solution, as used in SLIDER-474, is simply have the AM take a keytab. 

> Support arbitrary max expiration times for delegation token
> -----------------------------------------------------------
>
>                 Key: HDFS-7295
>                 URL: https://issues.apache.org/jira/browse/HDFS-7295
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Anubhav Dhoot
>
> Currently the max lifetime of HDFS delegation tokens is hardcoded to 7 days. This is
a problem for different users of HDFS such as long running YARN apps. Users should be allowed
to optionally specify max lifetime for their tokens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message