[
https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15894810#comment-15894810
]
Yongjun Zhang commented on HADOOP-14104:
----------------------------------------
Thanks [~daryn]!
Some follow-up questions:
My understanding is that the credential map exists at the server side (NN of a
cluster), thus NN should populate the fs/kms provider mapping, is that
understanding correct? If so, where and when does NN populate the mapping?
How does the client get the credential map?
Does this work only for kerberized clusters, but not non-kerberized clusters? If
that's the case, how do we solve the problem of a non-kerberized cluster with
an encryption zone?
Thanks much.
> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
> Key: HADOOP-14104
> URL: https://issues.apache.org/jira/browse/HADOOP-14104
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Rushabh S Shah
> Assignee: Rushabh S Shah
> Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to the current implementation of the kms provider in client conf, there can
> only be one kms.
> In a multi-cluster environment, if a client is reading encrypted data from
> multiple clusters, it will only get a kms token for the local cluster.
> Not sure whether the target version is correct or not.