[jira] [Comment Edited] (HDFS-13532) RBF: Adding security

Fri, 21 Sep 2018 10:49:21 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16623943#comment-16623943
 ] 

CR Hota edited comment on HDFS-13532 at 9/21/18 5:48 PM:
---------------------------------------------------------

[~brahmareddy]

Thanks for sharing your comments.

Updated the document with your review points. Yes Cons mentioned earlier in 
Approach 1 is invalid. Irrespective of using tokens for auth, even in kerberos 
route, a client side service ticket is cached and when a service ticket is 
presented to name node, the name node does NOT connect to KDC for verification. 
So increased load on KDC isn't a valid point as mentioned in my first document. 
[~ajayydv] had mentioned it when he had reviewed.

Am working on submitting the design based on Approach 1 and meanwhile also 
looking at creating a quick prototype that can demonstrate approach 1's 
feasibility.


was (Author: crh):
[~brahmareddy] Updated the document with your comments. Yes Cons mentioned 
earlier in Approach 1 is invalid. Irrespective of using tokens for auth, even 
in kerberos route, a client side service ticket is cached and when a service 
ticket is presented to namenode, the namenode does NOT connect to KDC for 
verification. So increased load on KDC isn't a valid point as mentioned in my 
first document.

Am working on submitting the design based on Approach 1 and meanwhile also 
looking at creating a quick prototype that can demonstrate approach 1's 
feasibility.

> RBF: Adding security
> --------------------
>
>                 Key: HDFS-13532
>                 URL: https://issues.apache.org/jira/browse/HDFS-13532
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: Íñigo Goiri
>            Assignee: CR Hota
>            Priority: Major
>         Attachments: RBF _ Security delegation token thoughts.pdf, RBF _ 
> Security delegation token thoughts_updated.pdf, RBF _ Security delegation 
> token thoughts_updated_2.pdf, RBF-DelegationToken-Approach1b.pdf, RBF_ 
> Security delegation token thoughts_updated_3.pdf, Security_for_Router-based 
> Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes 
> authentication and delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to