[ 
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16617749#comment-16617749
 ] 

Brahma Reddy Battula commented on HDFS-13532:
---------------------------------------------

[~crh] thanks for updating.

As discussed in call, Following Cons for approach 1 are still valid, as Router 
also token(act as proxy user) so auth can be done through token.

 
{quote}bq. Without delegation token use namenodes will end up putting all the 
load on KDC for kerberos ticket verification. This will defeat one of the main 
rationales behind why delegation tokens were introduced in namenode.

bq.  Performance of namenodes will deteriorate further as network calls need to 
be made to kdc for ticket verification instead of in memory cache of delegation 
tokens that is maintained currently.
{quote}
and once after updating in statestore then we can return ack to the client.

> RBF: Adding security
> --------------------
>
>                 Key: HDFS-13532
>                 URL: https://issues.apache.org/jira/browse/HDFS-13532
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: Íñigo Goiri
>            Assignee: CR Hota
>            Priority: Major
>         Attachments: RBF _ Security delegation token thoughts.pdf, RBF _ 
> Security delegation token thoughts_updated.pdf, RBF _ Security delegation 
> token thoughts_updated_2.pdf, RBF-DelegationToken-Approach1b.pdf, 
> Security_for_Router-based Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes 
> authentication and delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to