[ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15894839#comment-15894839 ]

Daryn Sharp commented on HADOOP-14104:
--------------------------------------

Credentials are simply a container in the ugi for tokens and/or secrets.  There 
is no notion of client, server, etc.  Credentials are the mechanism by which 
tokens are propagated throughout a job.

I may be understanding the EZ w/o security question (which seems an entirely 
contrived use case), but regardless: if tokens are available, so are the 
secrets since they are both packaged in the credentials object.  If this use 
case works today then it will continue to work with the mappings-based approach.

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can 
> only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from 
> multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.


