[
https://issues.apache.org/jira/browse/HDFS-7984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14380931#comment-14380931
]
Allen Wittenauer commented on HDFS-7984:
----------------------------------------
Sort of.
Today, WebHDFS's authentication logic is mainly predicated that the one is
using SPNEGO either within the same realm or in multiple realms with a trust
established. If one has a two Hadoop clusters in different realms with no
trust, there is no way that I'm aware of to distcp between those two systems in
a secure fashion. It should be possible to either 'hdfs fetchdt' (or
equivalent) a token from one cluster. Copy it over to the other realm. Then
give that token as part of the job conf during the distcp on the foreign/other
cluster to use as the authentication.
Coupled with HDFS-7983, one can see where this would be useful beyond the
strictly cluster<->cluster talked about above.
> webhdfs:// needs to support provided delegation tokens
> ------------------------------------------------------
>
> Key: HDFS-7984
> URL: https://issues.apache.org/jira/browse/HDFS-7984
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: webhdfs
> Affects Versions: 3.0.0
> Reporter: Allen Wittenauer
> Priority: Blocker
>
> When using the webhdfs:// filesystem (especially from distcp), we need the
> ability to inject a delegation token rather than webhdfs initialize its own.
> This would allow for cross-authentication-zone file system accesses.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
