[ https://issues.apache.org/jira/browse/HADOOP-17794?focusedWorklogId=620928&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-620928 ]

ASF GitHub Bot logged work on HADOOP-17794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jul/21 10:58
            Start Date: 09/Jul/21 10:58
    Worklog Time Spent: 10m 
      Work Description: aajisaka commented on a change in pull request #3190:
URL: https://github.com/apache/hadoop/pull/3190#discussion_r666863490



##########
File path: hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
##########
@@ -791,10 +791,62 @@ This secret sharing can be done using a Zookeeper service 
which is configured in
 $H4 Delegation Tokens
 
 Similar to HTTP authentication, KMS uses Hadoop Authentication for delegation 
tokens too.
+Under HA, every KMS instance must verify the delegation token given by another 
KMS instance.
+To do this, all the KMS instances must use ZKDelegationTokenSecretManager to 
retrieve
+the TokenIdentifiers and DelegationKeys from ZooKeeper.
 
-Under HA, A KMS instance must verify the delegation token given by another KMS 
instance, by checking the shared secret used to sign the delegation token. To 
do this, all KMS instances must be able to retrieve the shared secret from 
ZooKeeper.
+Sample configuration:
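
Review bot: The added paragraph under "Delegation Tokens" drops the reason the removed text gave, namely that the receiving instance checks the shared secret used to sign the delegation token, so a reader no longer learns that the DelegationKeys kept in ZooKeeper are signing material. Consider keeping one clause for that, and adding a sentence before "Sample configuration:" stating that the znode path holding the keys should be readable only by the KMS instances, so the sample is not copied with ZooKeeper authentication left off. Minor: "all the KMS instances" reads better as "all KMS instances", as the removed line had it.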

Review comment:
       Thank you!




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 620928)
    Time Spent: 40m  (was: 0.5h)

> Add a sample configuration to use ZKDelegationTokenSecretManager in Hadoop KMS
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-17794
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17794
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: documentation, security
>            Reporter: Akira Ajisaka
>            Assignee: Akira Ajisaka
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The following parameters should be documented in 
> https://hadoop.apache.org/docs/stable/hadoop-kms/index.html#Delegation_Tokens
> * hadoop.kms.authentication.zk-dt-secret-manager.enable
> * hadoop.kms.authentication.zk-dt-secret-manager.kerberos.keytab
> * hadoop.kms.authentication.zk-dt-secret-manager.kerberos.principal
> * hadoop.kms.authentication.zk-dt-secret-manager.zkConnectionString
> * hadoop.kms.authentication.zk-dt-secret-manager.znodeWorkingPath
> * hadoop.kms.authentication.zk-dt-secret-manager.zkAuthType



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
