[
https://issues.apache.org/jira/browse/STORM-346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042369#comment-14042369
]
Parth Brahmbhatt commented on STORM-346:
----------------------------------------
I have started to work on this but after looking through the security code I am
not clear about the issue completely. Currently we have some code in AutoTGT
that attempts auto login to hadoop if hadoop is in the classPath. Is this task
asking for implementation to ensure we check if HDFS and HBASE is in class path
and if yes, fetch delegation tokens and store it? Shouldn't this be part of
HDFS and HBASE bolts, where the actual interactions would happen? Or this issue
is just for creating a helper so clients that use HDFS and HBASE can get
delegation token using this helper?
> (Security) Oozie style delegation tokens for HDFS/HBase
> -------------------------------------------------------
>
> Key: STORM-346
> URL: https://issues.apache.org/jira/browse/STORM-346
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Labels: security
>
> Oozie has the ability to fetch delegation tokens on behalf of other users by
> running as a super user that can become a proxy user for almost anyone else.
> We should build one or more classes similar to AutoTGT that can fetch a
> delegation token for HDFS/HBase, renew the token if needed, and then once the
> token is about to permanently expire fetch a new one.
> According to some people I have talked with HBase may need to have a JIRA
> filed against it so that it can pick up a new delegation token without
> needing to restart the process.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
