Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.0-alpha
-
None
-
Incompatible change, Reviewed
Description
Currently hadoop-auth AuthenticationHandler only authenticates a request.
While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
Attachments
Attachments
Issue Links
- is depended upon by
-
HADOOP-8465 hadoop-auth should support ephemeral authentication
- Closed
- is required by
-
HDFS-3113 httpfs does not support delegation tokens
- Closed