[
https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15431540#comment-15431540
]
Chris Nauroth commented on HADOOP-10776:
----------------------------------------
[~vinodkv], thank you for picking this up. The patch looks good to me. My
only request is that you add a change in {{SecurityUtil}} to mark that one
{{Public}} too. That class already gets used a lot in other projects. I'll be
+1 after that change.
I think we'll want to review usage and annotations on the web auth stuff too,
but this much is plenty to get in for a 2.8.0 release.
> Open up already widely-used APIs for delegation-token fetching & renewal to
> ecosystem projects
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-10776
> URL: https://issues.apache.org/jira/browse/HADOOP-10776
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Robert Joseph Evans
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Attachments: HADOOP-10776-20160822.txt
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to
> running topologies so that they can access HDFS (STORM-346). But to do so we
> need to open up access to some of APIs.
> Most notably FileSystem.addDelegationTokens(), Token.renew,
> Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally
> making them public. Restricting access to such important functionality to
> just MR really makes secure HDFS inaccessible to anything except MR, or tools
> that reuse MR input formats.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
