Posted to common-issues@hadoop.apache.org by "Joey Echeverria (JIRA)" <ji...@apache.org> on 2013/11/18 04:03:21 UTC

[jira] [Updated] (HADOOP-10108) Add support for kerberos delegation to hadoop-auth

     [ https://issues.apache.org/jira/browse/HADOOP-10108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joey Echeverria updated HADOOP-10108:
-------------------------------------

    Attachment: HADOOP-10108-1.patch

Here's a patch that exposes the delegated credentials if delegation was allowed by the client. I modified one test case to ensure that credentials were actually delegated when requested by the client. I also added a test case to ensure credentials are not delegated when the client disables delegation.

The patch also adds the forwardable option to the default MiniKdc realm configuration file.

> Add support for kerberos delegation to hadoop-auth
> --------------------------------------------------
>
>                 Key: HADOOP-10108
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10108
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0, 2.2.0
>            Reporter: Joey Echeverria
>            Assignee: Joey Echeverria
>         Attachments: HADOOP-10108-1.patch
>
>
> Most services that need to perform Hadoop operations on behalf of an end-user make use of the built-in ability to configure trusted services and use Hadoop-specific delegation tokens. However, some web-applications need delegated access to both Hadoop and other kerberos-authenticated services. It'd be useful for these applications to use kerberos delegation when using hadoop-auth's SPNEGO libraries.



--
This message was sent by Atlassian JIRA
(v6.1#6144)