You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@livy.apache.org by vanzin <gi...@git.apache.org> on 2018/10/01 22:22:04 UTC

[GitHub] incubator-livy pull request #117: [WIP][LIVY-502] Remove dependency on hive-...

Github user vanzin commented on a diff in the pull request:

    https://github.com/apache/incubator-livy/pull/117#discussion_r221768243
  
    --- Diff: thriftserver/server/src/main/scala/org/apache/livy/thriftserver/auth/LivyDelegationTokenSecretManager.scala ---
    @@ -0,0 +1,81 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.livy.thriftserver.auth
    +
    +import java.io.{ByteArrayInputStream, DataInputStream, IOException}
    +
    +import org.apache.hadoop.io.Text
    +import org.apache.hadoop.security.token.Token
    +import org.apache.hadoop.security.token.delegation.{AbstractDelegationTokenIdentifier, AbstractDelegationTokenSecretManager}
    +
    +import org.apache.livy.LivyConf
    +
    +/**
    + * A secret manager. It is taken from analogous implementation in the MapReduce client.
    + */
    +class LivyDelegationTokenSecretManager(val livyConf: LivyConf)
    --- End diff --
    
    Do you need this stuff? Following my previous comment, I think this would make sense if the main Livy server also supported delegation tokens.
    
    Otherwise it seems this could just be removed from Livy? i.e. you can authenticate using plain kerberos (= you have a TGT) but not with a delegation token.


---