You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/02/09 02:40:00 UTC
[jira] [Resolved] (STORM-2898) Storm should support auth through
delegation tokens for workers
[ https://issues.apache.org/jira/browse/STORM-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Joseph Evans resolved STORM-2898.
----------------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0
I merged this into master
> Storm should support auth through delegation tokens for workers
> ---------------------------------------------------------------
>
> Key: STORM-2898
> URL: https://issues.apache.org/jira/browse/STORM-2898
> Project: Apache Storm
> Issue Type: New Feature
> Components: storm-client, storm-server
> Affects Versions: 2.0.0
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.0.0
>
> Time Spent: 6h 10m
> Remaining Estimate: 0h
>
> There are a lot of cases where it would be great for a worker to be able to communicate directly to nimbus, supervisors, or drpc servers in a secure way out of the box.
> This is currently a pain to make work. The user has to ship a TGT with their topology, and continually keep it up to date with credentials-push. They also need a kind of hacked up jaas.conf to grab the TGT from AutoTGT and put it in the place that he client wants it.
> We should just generate a signed data structure (aka delegation token from hadoop) that we can had off to the topologies to use when talking to nimbus, a supervisor, or drpc servers.
> We may want to split up the different services from each other to make an attack against one not hit all of them, but that is something we can think about with the design of this.
> I will try to come up with a design shortly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)