[
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564529#comment-16564529
]
Ajay Kumar commented on HDFS-13532:
-----------------------------------
[~crh], thanks for uploading the document.
{quote}Without delegation token use namenodes will end up putting all the load
on KDC for
kerberos ticket verification. This will defeat one of the main rationales
behind why
delegation tokens were introduced in namenode.
● Performance of namenodes will deteriorate further as network calls need to be
made to
kdc for ticket verification instead of in memory cache of delegation tokens
that is
maintained currently.{quote}
Could you please share more details on discussions around cons mentioned for
Approach 1. AFAIK kerberos auth is expensive operation but once connection is
established for router our rpc connections will be pooled.
> RBF: Adding security
> --------------------
>
> Key: HDFS-13532
> URL: https://issues.apache.org/jira/browse/HDFS-13532
> Project: Hadoop HDFS
> Issue Type: New Feature
> Reporter: Íñigo Goiri
> Assignee: Sherwood Zheng
> Priority: Major
> Attachments: RBF _ Security delegation token thoughts.pdf,
> Security_for_Router-based Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes
> authentication and delegation tokens.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
