Akanksha-kedia opened a new issue, #17487: URL: https://github.com/apache/pinot/issues/17487
#### __Do we need service tokens with HDFS Kerberos?"__ __YES - Because they serve different security layers:__ __HDFS Kerberos (Already Working):__ ```javascript Controller → [Kerberos] → HDFS (File operations) Server → [Kerberos] → HDFS (File operations) ``` __Service Tokens (Our Implementation):__ ```javascript Controller → [HTTP Token] → Server (API calls) Controller → [HTTP Token] → Minion (API calls) Server → [HTTP Token] → Controller (API calls) Minion → [HTTP Token] → Controller (API calls) ``` #### __📋 Detailed Service Token Distribution:__ __Controller Configuration:__ ```properties # Keep existing Kerberos (HDFS access) hadoop.security.authentication=kerberos # Add service token (HTTP API access) controller.segment.fetcher.auth.token= ``` __Server Configuration:__ ```properties # Keep existing Kerberos hadoop.security.authentication=kerberos # Add service tokens pinot.server.segment.fetcher.auth.token= pinot.server.segment.uploader.auth.token= pinot.server.instance.auth.token= ``` __Minion Configuration:__ ```properties # Keep existing Kerberos hadoop.security.authentication=kerberos # Add service tokens segment.fetcher.auth.token= task.auth.token= ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
