[
https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sowmya Ramesh updated FALCON-1027:
----------------------------------
Description:
In order for Falcon REST API to work securely via the Knox gateway it must be
possible to setup a trust relationship between Knox and Falcon. This is
commonly done in other Hadoop ecosystem components using a combination of
Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for
Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can
trust the identity assertions made via the doas query parameter. The links
below provide some information describing how this is done for core Hadoop.
Also note that most components utilize Hadoop core's reusable hadoop-auth
module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
was:
In the Dal timeframe Knox would like to be able to expose the Falcon REST API
via the gateway. In order for that to work securely it must be possible to
setup a trust relationship between Knox and Falcon. This is commonly done in
other Hadoop ecosystem components using a combination of Kerberos/SPNego and a
doas URL query parameter. This provides a mechanism for Falcon to strongly
authenticate Knox as a trusted proxy, ensuring that it can trust the identity
assertions made via the doas query parameter. The links below provide some
information describing how this is done for core Hadoop. Also note that most
components utilize Hadoop core's reusable hadoop-auth module to implement this
functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
> Falcon REST API trusted proxy support
> -------------------------------------
>
> Key: FALCON-1027
> URL: https://issues.apache.org/jira/browse/FALCON-1027
> Project: Falcon
> Issue Type: Bug
> Affects Versions: 0.6
> Reporter: kenneth ho
> Assignee: Sowmya Ramesh
>
> In order for Falcon REST API to work securely via the Knox gateway it must be
> possible to setup a trust relationship between Knox and Falcon. This is
> commonly done in other Hadoop ecosystem components using a combination of
> Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for
> Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can
> trust the identity assertions made via the doas query parameter. The links
> below provide some information describing how this is done for core Hadoop.
> Also note that most components utilize Hadoop core's reusable hadoop-auth
> module to implement this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
