[SLIDER-694] Slider AM REST API trusted proxy support - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: Slider 2.0.0
Component/s: appmaster, security, Web & REST
Labels:
None

Description

In order for Slider and Knox to work securely it must be possible to setup a trust relationship between the two. This is commonly done in other Hadoop ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for AM to strongly authenticate Knox as a trusted proxy, ensuring that it can trust the identity assertions made via the doas query parameter. The links below provide some information describing how this is done for core Hadoop. Also note that most components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user

Attachments

Sub-Tasks

1.	Need to enable support for spnego/kerberos for AM Rest resources		Open	Jonathan Maron
2.	Explore mechanisms for establishing doAs identity		Open	Jonathan Maron

Activity

People

Assignee:: Jonathan Maron

Reporter:: Jonathan Maron

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 04/Dec/14 15:04

Updated:: 20/Jan/15 23:36