Fixed typos
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/e39c6314 Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/e39c6314 Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/e39c6314 Branch: refs/heads/master Commit: e39c63142aaf35d36e384795e733bc543a53da83 Parents: 2e22527 Author: Pramod Immaneni <[email protected]> Authored: Tue Mar 22 16:37:59 2016 -0700 Committer: Pramod Immaneni <[email protected]> Committed: Tue Mar 22 16:37:59 2016 -0700 ---------------------------------------------------------------------- docs/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/e39c6314/docs/security.md ---------------------------------------------------------------------- diff --git a/docs/security.md b/docs/security.md index a2b2103..af157ce 100644 --- a/docs/security.md +++ b/docs/security.md @@ -120,7 +120,7 @@ In secure mode, STRAM has to authenticate with both Resource Manager and Name No #####Delegation Tokens -Delegation tokens are tokens that are dynamically issued by the source and clients use them to authenticate with the source. The source stores the delegation tokens it has issued in a cache and checks the delegation token sent by a client against the cache. If a match is found, the authentication is successful else it fails. This is the second mode of authentication in secure Hadoop after Kerberos. More details can be found in the Hadoop security design document. In this case the delegation tokens are issued by Resource Manager and Name Node. STRAM uses would use these tokens to authenticate with them. But how does it get them in the first place? This is where the launch client dtcli comes in. +Delegation tokens are tokens that are dynamically issued by the source and clients use them to authenticate with the source. The source stores the delegation tokens it has issued in a cache and checks the delegation token sent by a client against the cache. If a match is found, the authentication is successful else it fails. This is the second mode of authentication in secure Hadoop after Kerberos. More details can be found in the Hadoop security design document. In this case the delegation tokens are issued by Resource Manager and Name Node. STRAM would use these tokens to authenticate with them. But how does it get them in the first place? This is where the launch client dtcli comes in. The client dtcli, since it possesses Kerberos credentials as explained in the Application Launch section, is able to authenticate with Resource Manager and Name Node using Kerberos. It then requests for delegation tokens over the Kerberos authenticated connection. The servers return the delegation tokens in the response payload. The client in requesting the resource manager for the start of the application master container for STRAM seeds it with these tokens so that when STRAM starts it has these tokens. It can then use these tokens to authenticate with the Hadoop services.
