[ 
https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15693902#comment-15693902
 ] 

Steve Loughran commented on HADOOP-10776:
-----------------------------------------

+1 to Vinod's patch with my minor changes; committing to branch-2.8+


> Open up already widely-used APIs for delegation-token fetching & renewal to 
> ecosystem projects
> ----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10776
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10776
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>         Attachments: HADOOP-10776-20160822.txt, 
> HADOOP-10776-branch-2-002.patch, HADOOP-10776-branch-2-003.patch
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to 
> running topologies so that they can access HDFS (STORM-346).  But to do so we 
> need to open up access to some of APIs. 
> Most notably FileSystem.addDelegationTokens(), Token.renew, 
> Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally 
> making them public. Restricting access to such important functionality to 
> just MR really makes secure HDFS inaccessible to anything except MR, or tools 
> that reuse MR input formats.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to