[jira] [Updated] (HAWQ-1644) Siwtch PXF to support keytab configuration via pxf-env and make delegation token optional

Tue, 31 Jul 2018 14:28:24 -0700 


     [ 
https://issues.apache.org/jira/browse/HAWQ-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shivram Mani updated HAWQ-1644:
-------------------------------
    Description: 
1. For secure hadoop, configure all secure specific configurations in pxf-env 
as opposed to pxf-site.

2. Make delegation token property option for PXF when used against secure 
hadoop. Delegation token is a complementary means for authentication with 
hadoop along with Kerberos. There is not much value in using the delegation 
token with segment only PXF architecture, as each pxf jvm will need to 
establish the token anyway. Simply authenticating with Keberos should be good 
enough in such a deployment mode.

  was:
Make delegation token property option for PXF when used against secure hadoop

Delegation token is a complementary means for authentication with hadoop along 
with Kerberos. There is not much value in using the delegation token with 
segment only PXF architecture, as each pxf jvm will need to establish the token 
anyway. Simply authenticating with Keberos should be good enough in such a 
deployment mode.


> Siwtch PXF to support keytab configuration via pxf-env and make delegation 
> token optional
> -----------------------------------------------------------------------------------------
>
>                 Key: HAWQ-1644
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1644
>             Project: Apache HAWQ
>          Issue Type: Improvement
>          Components: PXF
>            Reporter: Shivram Mani
>            Assignee: Shivram Mani
>            Priority: Major
>
> 1. For secure hadoop, configure all secure specific configurations in pxf-env 
> as opposed to pxf-site.
> 2. Make delegation token property option for PXF when used against secure 
> hadoop. Delegation token is a complementary means for authentication with 
> hadoop along with Kerberos. There is not much value in using the delegation 
> token with segment only PXF architecture, as each pxf jvm will need to 
> establish the token anyway. Simply authenticating with Keberos should be good 
> enough in such a deployment mode.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to