You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@slider.apache.org by "Jonathan Maron (JIRA)" <ji...@apache.org> on 2014/12/04 16:05:14 UTC

[jira] [Created] (SLIDER-694) Slider AM REST API trusted proxy support

Jonathan Maron created SLIDER-694:
-------------------------------------

             Summary: Slider AM REST API trusted proxy support
                 Key: SLIDER-694
                 URL: https://issues.apache.org/jira/browse/SLIDER-694
             Project: Slider
          Issue Type: Task
          Components: appmaster, security, Web & REST
            Reporter: Jonathan Maron
            Assignee: Jonathan Maron
             Fix For: Slider 0.70


In order for Slider and Knox to work securely it must be possible to setup a trust relationship between the two. This is commonly done in other Hadoop ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for AM to strongly authenticate Knox as a trusted proxy, ensuring that it can trust the identity assertions made via the doas query parameter. The links below provide some information describing how this is done for core Hadoop. Also note that most components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)