[
https://issues.apache.org/jira/browse/HDFS-9525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15108756#comment-15108756
]
Allen Wittenauer commented on HDFS-9525:
----------------------------------------
Let's not try to limit ourselves to just solving WebHDFS here. I think it's
important to recognize that:
* this goes beyond just distcp, esp wrt future potential applications (so
mapreduce.job.credentials.binary isn't particularly useful if one isn't doing
MR...)
* post HADOOP-12563 there is a very real possibility of having more than just
HDFS delegation tokens in use
* there may be more than two clusters involved
* there are plenty of places where there is a recommended configuration/usage,
but hadoop doesn't limit users just to that limit
Whenever Hadoop limits itself to solving the absolute, immediate problem rather
than building for the future, it ends up a mess. (I'll be more than happy to
give examples, but I figure I don't need to...) As a community, we've *always*
succeeded and reached greater heights when keeping the door wide open.
> hadoop utilities need to support provided delegation tokens
> -----------------------------------------------------------
>
> Key: HDFS-9525
> URL: https://issues.apache.org/jira/browse/HDFS-9525
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0
> Reporter: Allen Wittenauer
> Assignee: HeeSoo Kim
> Priority: Blocker
> Fix For: 3.0.0
>
> Attachments: HDFS-7984.001.patch, HDFS-7984.002.patch,
> HDFS-7984.003.patch, HDFS-7984.004.patch, HDFS-7984.005.patch,
> HDFS-7984.006.patch, HDFS-7984.007.patch, HDFS-7984.patch,
> HDFS-9525.008.patch, HDFS-9525.branch-2.008.patch
>
>
> When using the webhdfs:// filesystem (especially from distcp), we need the
> ability to inject a delegation token rather than webhdfs initialize its own.
> This would allow for cross-authentication-zone file system accesses.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
