You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2021/07/09 08:10:18 UTC

[GitHub] [hadoop] tasanuma commented on a change in pull request #3190: HADOOP-17794. Add a sample configuration to use ZKDelegationTokenSecretManager in Hadoop KMS

tasanuma commented on a change in pull request #3190:
URL: https://github.com/apache/hadoop/pull/3190#discussion_r666759085



##########
File path: hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
##########
@@ -791,10 +791,62 @@ This secret sharing can be done using a Zookeeper service which is configured in
 $H4 Delegation Tokens
 
 Similar to HTTP authentication, KMS uses Hadoop Authentication for delegation tokens too.
+Under HA, every KMS instance must verify the delegation token given by another KMS instance.
+To do this, all the KMS instances must use ZKDelegationTokenSecretManager to retrieve
+the TokenIdentifiers and DelegationKeys from ZooKeeper.
 
-Under HA, A KMS instance must verify the delegation token given by another KMS instance, by checking the shared secret used to sign the delegation token. To do this, all KMS instances must be able to retrieve the shared secret from ZooKeeper.
+Sample configuration:

Review comment:
       How about adding the path of the configurations?
   ```suggestion
   Sample configuration in `etc/hadoop/kms-site.xml`:
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org