hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ajay Kumar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-13532) RBF: Adding security
Date Wed, 01 Aug 2018 00:11:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564529#comment-16564529
] 

Ajay Kumar commented on HDFS-13532:
-----------------------------------

[~crh], thanks for uploading the document.

{quote}Without delegation token use namenodes will end up putting all the load on KDC for
kerberos ticket verification. This will defeat one of the main rationales behind why
delegation tokens were introduced in namenode.
● Performance of namenodes will deteriorate further as network calls need to be made to
kdc for ticket verification instead of in memory cache of delegation tokens that is
maintained currently.{quote}
Could you please share more details on discussions around cons mentioned for Approach 1. AFAIK
kerberos auth is expensive operation but once connection is established for router our rpc
connections will be pooled.


> RBF: Adding security
> --------------------
>
>                 Key: HDFS-13532
>                 URL: https://issues.apache.org/jira/browse/HDFS-13532
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: Íñigo Goiri
>            Assignee: Sherwood Zheng
>            Priority: Major
>         Attachments: RBF _ Security delegation token thoughts.pdf, Security_for_Router-based
Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes authentication and
delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message