[
https://issues.apache.org/jira/browse/FALCON-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15137482#comment-15137482
]
Christine commented on FALCON-1027:
-----------------------------------
[~jbecicka], These fixes are shipping with HDP 2.3.4.
> Falcon REST API trusted proxy support
> -------------------------------------
>
> Key: FALCON-1027
> URL: https://issues.apache.org/jira/browse/FALCON-1027
> Project: Falcon
> Issue Type: New Feature
> Affects Versions: 0.7
> Reporter: kenneth ho
> Assignee: Sowmya Ramesh
> Fix For: 0.8
>
> Attachments: ApacheFalcon-Proxyusersupport.pdf, FALCON-1027.V3.patch,
> FALCON-1027.v0.patch, FALCON-1027.v1.patch, FALCON-1027.v2.patch
>
>
> In order for Falcon REST API to work securely via the Knox gateway it must be
> possible to setup a trust relationship between Knox and Falcon. This is
> commonly done in other Hadoop ecosystem components using a combination of
> Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for
> Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can
> trust the identity assertions made via the doas query parameter. The links
> below provide some information describing how this is done for core Hadoop.
> Also note that most components utilize Hadoop core's reusable hadoop-auth
> module to implement this functionality.
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
> http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
