[
https://issues.apache.org/jira/browse/HADOOP-10108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joey Echeverria updated HADOOP-10108:
-------------------------------------
Attachment: HADOOP-10108-1.patch
Here's a patch that exposes the delegated credentials if delegation was allowed
by the client. I modified one test case to ensure that credentials were
actually delegated when requested by the client. I also added a test case to
ensure credentials are not delegated when the client disable delegation.
The patch also adds the forwardable option to the default MiniKdc realm
configuration file.
> Add support for kerberos delegation to hadoop-auth
> --------------------------------------------------
>
> Key: HADOOP-10108
> URL: https://issues.apache.org/jira/browse/HADOOP-10108
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0, 2.2.0
> Reporter: Joey Echeverria
> Assignee: Joey Echeverria
> Attachments: HADOOP-10108-1.patch
>
>
> Most services that need to perform Hadoop operations on behalf of an end-user
> make use of the built-in ability to configure trusted services and use
> Hadoop-specific delegation tokens. However, some web-applications need
> delegated access to both Hadoop and other kerberos-authenticated services.
> It'd be useful for these applications to user kerberos delegation when using
> hadoop-auth's SPNEGO libraries.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
