You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Maziar Mirzazad (Jira)" <ji...@apache.org> on 2020/04/17 22:49:00 UTC
[jira] [Updated] (HADOOP-16996) Add capability in hadoop-client to
automatically login from a client/service keytab
[ https://issues.apache.org/jira/browse/HADOOP-16996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maziar Mirzazad updated HADOOP-16996:
-------------------------------------
Description:
At Twitter we are planning to Kerberize our hadoop infrastructure, and we have many services that are going to use those clusters.
With current hadoop client implementation, every single service need to change the application and add UGI.loginFromKeyTab() before doing HDFS or M/R API calls.
To avoid that, we are proposing adding Keytab based login to hadoop client library for Kerberized clusters with configurable default paths for Keytabs.
This improvement should avoid extra login tries in case a valid TGT is available.
was:Services using a kerberos keytab needs to do UGI.loginFromKeyTab() before doing any HDFS or M/R API calls. Instead of every service doing this, we can add keytab based login to hadoop-client library.
> Add capability in hadoop-client to automatically login from a client/service keytab
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-16996
> URL: https://issues.apache.org/jira/browse/HADOOP-16996
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Maziar Mirzazad
> Priority: Minor
> Fix For: 2.9.2
>
>
> At Twitter we are planning to Kerberize our hadoop infrastructure, and we have many services that are going to use those clusters.
> With current hadoop client implementation, every single service need to change the application and add UGI.loginFromKeyTab() before doing HDFS or M/R API calls.
> To avoid that, we are proposing adding Keytab based login to hadoop client library for Kerberized clusters with configurable default paths for Keytabs.
> This improvement should avoid extra login tries in case a valid TGT is available.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org