[ https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049400#comment-14049400 ]
Alejandro Abdelnur commented on HADOOP-10769: --------------------------------------------- I got it now. I think in Hadoop-land we are pretty much standardize in DelegationTokens (HDFS, Yarn, WebHdfs, HiveMetaStore, Hbase) and we have a generic mechanism to distribute them. Given that, I would say and external KeyProvider impl either uses KMS or wraps its authenticatedToken within a DelegationToken implementation. > Add getDelegationToken() method to KeyProvider > ---------------------------------------------- > > Key: HADOOP-10769 > URL: https://issues.apache.org/jira/browse/HADOOP-10769 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 3.0.0 > Reporter: Alejandro Abdelnur > Assignee: Arun Suresh > > The KeyProvider API needs to return delegation tokens to enable access to the > KeyProvider from processes without Kerberos credentials (ie Yarn containers). > This is required for HDFS encryption and KMS integration. -- This message was sent by Atlassian JIRA (v6.2#6252)