[
https://issues.apache.org/jira/browse/HDFS-11393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16899530#comment-16899530
]
Wei-Chiu Chuang commented on HDFS-11393:
----------------------------------------
I think this is addressed by HADOOP-16350
> Hadoop KMS contacted by jobs which don’t use KMS encryption
> ------------------------------------------------------------
>
> Key: HDFS-11393
> URL: https://issues.apache.org/jira/browse/HDFS-11393
> Project: Hadoop HDFS
> Issue Type: Wish
> Environment: Hadoop 2.7.3, Spark 1.6.3 on Yarn, Oozie 4.2.3
> Cluster secured with Kerberos
> Reporter: Alexandre Linte
> Priority: Minor
>
> Hello,
> After few days of usage of Hadoop KMS in our pre-production platform, it was
> noticed that after restarting resourcemanagers, all Yarn jobs generated on
> the platform interrogated the KMS server, even if the didn't process
> encrypted information.
> {noformat}
> 2016-11-23 10:58:47,708 DEBUG AuthenticationFilter - Request
> [http://uabigkms01:16000/kms/v1/?op=GETDELEGATIONTOKEN&renewer=rm%2Fuabigrm01%40SANDBOX.HADOOP]
> triggering authentication
> 2016-11-23 10:58:47,735 DEBUG AuthenticationFilter - Request
> [http://uabigkms01:16000/kms/v1/?op=GETDELEGATIONTOKEN&renewer=rm%2Fuabigrm01%40SANDBOX.HADOOP]
> user xxxx authenticated
> {noformat}
> Indeed after research we see that KMS supports delegation token to
> authenticate to the Java KeyProvider by processes without Kerberos
> credentials.
> Is there a way to bypass Delegation Token on KMS and just contact KMS when
> jobs or user into HDFS use encrypted data ?
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
