You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Santhosh G Nayak (JIRA)" <ji...@apache.org> on 2017/03/03 12:27:45 UTC

[jira] [Updated] (HADOOP-13945) Azure: Add Kerberos and Delegation token support to WASB client.

     [ https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Santhosh G Nayak updated HADOOP-13945:
--------------------------------------
    Attachment: HADOOP-13945.5.patch

[~liuml07], Thanks for reviewing the patch.

In the latest patch, I have incorporated following, 
- @return annotation in the {{init()}} is removed as it is void return type.
- Marked {{DEFAULT_AZURE_AUTHORIZATION}} as final.
- Bug fix - Using {{UserGroupInformation#getLoginUser()}} whenever kerberos credentials are not available for {{UserGroupInformation#getCurrentUser()}}.

> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>
>                 Key: HADOOP-13945
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13945
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch, HADOOP-13945.3.patch, HADOOP-13945.4.patch, HADOOP-13945.5.patch
>
>
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not support Kerberos Authentication and FileSystem authorization, which makes it unusable in secure environments with multi user setup. 
> To make {{WASB}} client more suitable to run in Secure environments, there are 2 initiatives under way for providing the authorization (HADOOP-13930) and fine grained access control (HADOOP-13863) support.
> This JIRA is created to add Kerberos and delegation token support to {{WASB}} client to fetch Azure Storage SAS keys (from Remote service as discussed in HADOOP-13863), which provides fine grained timed access to containers and blobs. 
> For delegation token management, the proposal is it use the same REST service which being used to generate the SAS Keys.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org