Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-346

(Security) Oozie style delegation tokens for HDFS

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.10.0
    • Component/s: storm-core
    • Labels:

      Description

      Oozie has the ability to fetch delegation tokens on behalf of other users by running as a super user that can become a proxy user for almost anyone else.

      We should build one or more classes similar to AutoTGT that can fetch a delegation token for HDFS/HBase, renew the token if needed, and then once the token is about to permanently expire fetch a new one.

      According to some people I have talked with HBase may need to have a JIRA filed against it so that it can pick up a new delegation token without needing to restart the process.

        Attachments

          Activity

            People

            • Assignee:
              parth.brahmbhatt Parth Brahmbhatt
              Reporter:
              revans2 Robert Joseph Evans

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment