You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/01/11 16:55:00 UTC

[jira] [Created] (STORM-2898) Strom should support auth through delegation tokens for workers

Robert Joseph Evans created STORM-2898:
------------------------------------------

             Summary: Strom should support auth through delegation tokens for workers
                 Key: STORM-2898
                 URL: https://issues.apache.org/jira/browse/STORM-2898
             Project: Apache Storm
          Issue Type: New Feature
          Components: storm-client, storm-server
    Affects Versions: 2.0.0
            Reporter: Robert Joseph Evans
            Assignee: Robert Joseph Evans


There are a lot of cases where it would be great for a worker to be able to communicate directly to nimbus, supervisors, or drpc servers in a secure way out of the box.

This is currently a pain to make work.  The user has to ship a TGT with their topology, and continually keep it up to date with credentials-push.  They also need a kind of hacked up jaas.conf to grab the TGT from AutoTGT and put it in the place that he client wants it.

We should just generate a signed data structure (aka delegation token from hadoop) that we can had off to the topologies to use when talking to nimbus, a supervisor, or drpc servers.

We may want to split up the different services from each other to make an attack against one not hit all of them, but that is something we can think about with the design of this.

I will try to come up with a design shortly.




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)