[ https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15693902#comment-15693902 ]
Steve Loughran commented on HADOOP-10776: ----------------------------------------- +1 to Vinod's patch with my minor changes; committing to branch-2.8+ > Open up already widely-used APIs for delegation-token fetching & renewal to > ecosystem projects > ---------------------------------------------------------------------------------------------- > > Key: HADOOP-10776 > URL: https://issues.apache.org/jira/browse/HADOOP-10776 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Robert Joseph Evans > Assignee: Vinod Kumar Vavilapalli > Priority: Blocker > Attachments: HADOOP-10776-20160822.txt, > HADOOP-10776-branch-2-002.patch, HADOOP-10776-branch-2-003.patch > > > Storm would like to be able to fetch delegation tokens and forward them on to > running topologies so that they can access HDFS (STORM-346). But to do so we > need to open up access to some of APIs. > Most notably FileSystem.addDelegationTokens(), Token.renew, > Credentials.getAllTokens, and UserGroupInformation but there may be others. > At a minimum adding in storm to the list of allowed API users. But ideally > making them public. Restricting access to such important functionality to > just MR really makes secure HDFS inaccessible to anything except MR, or tools > that reuse MR input formats. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org