[HADOOP-15862] ABFS to support a Delegation Token provider which marshalls current Oauth secrets - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.2.0
Fix Version/s: None
Component/s: fs/adl
Labels:
None

Description

ABFS has an extension point for generating delegation tokens, presumably the implementation is actually using Kerberos to generate some secrets to pass around.

~~HADOOP-14556~~ shows how an object store can actually implement DTs which marshall full credentials over the wire to remote services, so allowing users to submit queries to shared clusters. This isn't as secure as kerberos, but does let users access their private data.

(This JIRA is avoiding worrying about session & role auth, just taking the config options for login and marshalling as a DT)

Attachments

Issue Links

depends upon

HADOOP-16068 ABFS Authentication and Delegation Token plugins to optionally be bound to specific URI of the store

Resolved

relates to

HADOOP-14556 S3A to support Delegation Tokens

Resolved

MAPREDUCE-7154 TokenCache.obtainTokensForNamenodes() to get DTs even when security is off

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Oct/18 13:18

Updated:: 27/Feb/24 11:09