You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Ruslan Dautkhanov (JIRA)" <ji...@apache.org> on 2019/02/19 04:37:00 UTC

[jira] [Created] (HADOOP-16120) Lazily allocate KMS delegation tokens

Ruslan Dautkhanov created HADOOP-16120:
------------------------------------------

             Summary: Lazily allocate KMS delegation tokens
                 Key: HADOOP-16120
                 URL: https://issues.apache.org/jira/browse/HADOOP-16120
             Project: Hadoop Common
          Issue Type: Improvement
          Components: kms, security
    Affects Versions: 3.1.2, 2.8.5
            Reporter: Ruslan Dautkhanov


We noticed that HDFS clients talk to KMS even when they try to access not encrypted databases.. Is there is a way to make HDFS clients to talk to KMS servers *only* when they need access to encrypted data? Since we will be encrypting only one database (and 50 other databases will not be encrypted), in case if KMS is down for maintenance or for some other reason, we want to limit outage only to encrypted data.

In other words, it would be great if KMS delegation toekns would be allocated lazily - on first request to encrypted data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org