You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Santhosh G Nayak (JIRA)" <ji...@apache.org> on 2017/03/03 12:27:45 UTC
[jira] [Updated] (HADOOP-13945) Azure: Add Kerberos and Delegation
token support to WASB client.
[ https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Santhosh G Nayak updated HADOOP-13945:
--------------------------------------
Attachment: HADOOP-13945.5.patch
[~liuml07], Thanks for reviewing the patch.
In the latest patch, I have incorporated following,
- @return annotation in the {{init()}} is removed as it is void return type.
- Marked {{DEFAULT_AZURE_AUTHORIZATION}} as final.
- Bug fix - Using {{UserGroupInformation#getLoginUser()}} whenever kerberos credentials are not available for {{UserGroupInformation#getCurrentUser()}}.
> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>
> Key: HADOOP-13945
> URL: https://issues.apache.org/jira/browse/HADOOP-13945
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.8.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch, HADOOP-13945.3.patch, HADOOP-13945.4.patch, HADOOP-13945.5.patch
>
>
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not support Kerberos Authentication and FileSystem authorization, which makes it unusable in secure environments with multi user setup.
> To make {{WASB}} client more suitable to run in Secure environments, there are 2 initiatives under way for providing the authorization (HADOOP-13930) and fine grained access control (HADOOP-13863) support.
> This JIRA is created to add Kerberos and delegation token support to {{WASB}} client to fetch Azure Storage SAS keys (from Remote service as discussed in HADOOP-13863), which provides fine grained timed access to containers and blobs.
> For delegation token management, the proposal is it use the same REST service which being used to generate the SAS Keys.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org