[
https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sowmya Ramesh updated FALCON-1027:
----------------------------------
Fix Version/s: (was: 0.6)
> Falcon REST API trusted proxy support
> -------------------------------------
>
> Key: FALCON-1027
> URL: https://issues.apache.org/jira/browse/FALCON-1027
> Project: Falcon
> Issue Type: Bug
> Affects Versions: 0.6
> Reporter: kenneth ho
> Assignee: Sowmya Ramesh
>
> In the Dal timeframe Knox would like to be able to expose the Falcon REST API
> via the gateway. In order for that to work securely it must be possible to
> setup a trust relationship between Knox and Falcon. This is commonly done in
> other Hadoop ecosystem components using a combination of Kerberos/SPNego and
> a doas URL query parameter. This provides a mechanism for Falcon to strongly
> authenticate Knox as a trusted proxy, ensuring that it can trust the identity
> assertions made via the doas query parameter. The links below provide some
> information describing how this is done for core Hadoop. Also note that most
> components utilize Hadoop core's reusable hadoop-auth module to implement
> this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
