[jira] Commented: (HADOOP-6988) Add support for reading multiple hadoop delegation token files

Fri, 08 Oct 2010 11:30:56 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12919344#action_12919344
 ] 

Aaron T. Myers commented on HADOOP-6988:
----------------------------------------

Thanks for the thoughtful comments, Devaraj.

As I said earlier, this is really only for convenience, as it's entirely 
possible to stuff multiple delegation token objects into a single credentials 
object, which is then serialized to a file. I considered creating a tool which 
would be capable of merging multiple delegation token files into one, but this 
seemed like a cleaner solution. Rather than having every script/job/program 
that wants to pass multiple independently-fetched delegation token files first 
invoke some command to merge them, just specify them all via the method that 
already exists.

The problem with specifying mapreduce.job.hdfs-servers for my particular 
use-case is that delegation tokens can't be fetched if the application which is 
submitting the job is only authenticated via a delegation token in the first 
place. That said, I see this issue as being largely orthogonal from the core 
question of whether or not it is reasonable to want to specify multiple 
delegation token files via the system that already exists.

> Add support for reading multiple hadoop delegation token files
> --------------------------------------------------------------
>
>                 Key: HADOOP-6988
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6988
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.22.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-6988.0.txt, hadoop-6988.1.txt
>
>
> It would be nice if there were a way to specify multiple delegation token 
> files via the HADOOP_TOKEN_FILE_LOCATION environment variable and the 
> "mapreduce.job.credentials.binary" configuration value. I suggest a 
> colon-separated list of paths, each of which is read as a separate delegation 
> token file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to