[STORM-346] (Security) Oozie style delegation tokens for HDFS - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.10.0
Component/s: storm-core
Labels:
- security

Description

Oozie has the ability to fetch delegation tokens on behalf of other users by running as a super user that can become a proxy user for almost anyone else.

We should build one or more classes similar to AutoTGT that can fetch a delegation token for HDFS/HBase, renew the token if needed, and then once the token is about to permanently expire fetch a new one.

According to some people I have talked with HBase may need to have a JIRA filed against it so that it can pick up a new delegation token without needing to restart the process.

Attachments

Activity

People

Assignee:: Parth Brahmbhatt

Reporter:: Robert Joseph Evans

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 10/Jun/14 19:28

Updated:: 09/Oct/15 00:49

Resolved:: 07/Aug/14 15:13