You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Neil Joshi (Jira)" <ji...@apache.org> on 2021/08/26 22:01:00 UTC
[jira] [Commented] (HDDS-5476) Support Ozone s3 authentication with
arbitrary accessId that is not same as the kerberos ID.
[ https://issues.apache.org/jira/browse/HDDS-5476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17405487#comment-17405487 ]
Neil Joshi commented on HDDS-5476:
----------------------------------
Hi [~avijayan], thanks for bringing up this feature. FYI - S3 authentication for processing s3 requests with the s3g gRPC transport places s3 header authentication info into the Ozone token (modifications to the OzoneManagerProtocol) for authentication on a per request basis. Adds s3 authentication header info signature, awsAccessId, and generated stringToSign to ozone token and processed through OmClientProtocol (OzoneManagerProtocol). See HDDS-5612.
> Support Ozone s3 authentication with arbitrary accessId that is not same as the kerberos ID.
> --------------------------------------------------------------------------------------------
>
> Key: HDDS-5476
> URL: https://issues.apache.org/jira/browse/HDDS-5476
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: Ozone Manager, S3
> Reporter: Aravindan Vijayan
> Assignee: Aravindan Vijayan
> Priority: Major
>
> As part of the feature to support multi tenancy, we allow a tenant admin to assign a user to a tenant with an optional flag to specify a different accessId than the kerberos user name. To support this, changes are needed Token based authentication between S3 and Ozone Manager.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org