Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15763 Über-JIRA: abfs phase II: Hadoop 3.3 features & fixes
  3. HADOOP-15862

ABFS to support a Delegation Token provider which marshalls current Oauth secrets

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.2.0
    • Fix Version/s: None
    • Component/s: fs/adl
    • Labels:
      None

      Description

      ABFS has an extension point for generating delegation tokens, presumably the implementation is actually using Kerberos to generate some secrets to pass around.

      HADOOP-14556 shows how an object store can actually implement DTs which marshall full credentials over the wire to remote services, so allowing users to submit queries to shared clusters. This isn't as secure as kerberos, but does let users access their private data.

      (This JIRA is avoiding worrying about session & role auth, just taking the config options for login and marshalling as a DT)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                stevel@apache.org Steve Loughran
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: