[ https://issues.apache.org/jira/browse/HDFS-7295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14186420#comment-14186420 ]
Haohui Mai commented on HDFS-7295:
----------------------------------

Given the fact that in Hadoop there is no way to revoke a DT, expiration time serves as the last defense against stolen tokens.

From a security point of view, it is a horrible idea to have unlimited expiration time on DT without revocation mechanisms. It breaks the basic design principle of building a capability-based system, even if you make it configurable.

I don't think the current proposal is the right direction. I think the comments of both [~ste...@apache.org] and [~aw] make sense.

> Support arbitrary max expiration times for delegation token
> -----------------------------------------------------------
>
> Key: HDFS-7295
> URL: https://issues.apache.org/jira/browse/HDFS-7295
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Anubhav Dhoot
> Assignee: Anubhav Dhoot
>
> Currently the max lifetime of HDFS delegation tokens is hardcoded to 7 days.
> This is a problem for different users of HDFS such as long running YARN apps.
> Users should be allowed to optionally specify max lifetime for their tokens.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)