Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-8458

Add management hook to AuthenticationHandler to enable delegation token operations support

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0-alpha
    • 2.0.2-alpha
    • security
    • None
    • Incompatible change, Reviewed

    Description

      Currently hadoop-auth AuthenticationHandler only authenticates a request.

      While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.

      The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).

      Attachments

        1. HADOOP-8458.patch
          23 kB
          Alejandro Abdelnur
        2. HADOOP-8458.patch
          22 kB
          Alejandro Abdelnur

        Issue Links

          is depended upon by

          New Feature - A new feature of the product, which has yet to be developed. HADOOP-8465 hadoop-auth should support ephemeral authentication

          • Major - Major loss of function.
          • Closed
          is required by

          New Feature - A new feature of the product, which has yet to be developed. HDFS-3113 httpfs does not support delegation tokens

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tucu00 Alejandro Abdelnur
              tucu00 Alejandro Abdelnur
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: