[ 
https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049400#comment-14049400
 ] 

Alejandro Abdelnur commented on HADOOP-10769:
---------------------------------------------

I got it now. I think in Hadoop-land we are pretty much standardized on 
DelegationTokens (HDFS, Yarn, WebHdfs, HiveMetaStore, Hbase) and we have a 
generic mechanism to distribute them. Given that, I would say an external 
KeyProvider impl either uses KMS or wraps its authenticatedToken within a 
DelegationToken implementation.

> Add getDelegationToken() method to KeyProvider
> ----------------------------------------------
>
>                 Key: HADOOP-10769
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10769
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>
> The KeyProvider API needs to return delegation tokens to enable access to the 
> KeyProvider from processes without Kerberos credentials (i.e. Yarn containers).
> This is required for HDFS encryption and KMS integration.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
