[ https://issues.apache.org/jira/browse/HDFS-12284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667645#comment-16667645 ]
Brahma Reddy Battula commented on HDFS-12284: --------------------------------------------- Thanks for working on this jira. IIUC,Daryn was telling about following,for each operaion ugi is getting created(ugi construction). {code:java} 258 UserGroupInformation connUGI = ugi; 259 if (UserGroupInformation.isSecurityEnabled()) { 260 UserGroupInformation routerUser = UserGroupInformation.getLoginUser(); 261 connUGI = UserGroupInformation.createProxyUser( 262 ugi.getUserName(), routerUser); 263 } 264 connection = this.connectionManager.getConnection( 265 connUGI, rpcAddress, proto); {code} {quote}I plan to enhance the connection pooling part by introducing synchronous connection creation using semaphore semantics instead of the current asynchronous connection creation. {quote} Mostly this can address, just we need to aviod when proxy user is already constructed. {quote}The temporary solution for this JIRA is to add the definition of dfs.federation.router.kerberos.internal.spnego.principal to SecurityConfUtil#initSecurity(). Thoughts? {quote} Yes, we should this config like all other configs to start router http server. {quote}We can create another ticket for adding hdfs-rbf-default.xml in HdfsConfiguration, but wondering how it will work for NameNode? Because in a namenode scenario, hdfs-rbf-default.xml may not be in the classpath. {quote} AFAIK..Just one more file ( hdfs-rbf*) will be added to classpath of Namenode,DataNode..I dn't think,user will configure namenode/datanode configs in this file,so this will not impact these process. I think, Newly added testcases are not using the state store( as zk address is not used..) We should commit this ASAP, as this blocks delegation token impl,[~crh] can you update delegation toke proto type based on this..? > RBF: Support for Kerberos authentication > ---------------------------------------- > > Key: HDFS-12284 > URL: https://issues.apache.org/jira/browse/HDFS-12284 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: security > Reporter: Zhe Zhang > Assignee: Sherwood Zheng > Priority: Major > Attachments: HDFS-12284-HDFS-13532.004.patch, > HDFS-12284-HDFS-13532.005.patch, HDFS-12284-HDFS-13532.006.patch, > HDFS-12284-HDFS-13532.007.patch, HDFS-12284-HDFS-13532.008.patch, > HDFS-12284-HDFS-13532.009.patch, HDFS-12284-HDFS-13532.010.patch, > HDFS-12284-HDFS-13532.011.patch, HDFS-12284-HDFS-13532.012.patch, > HDFS-12284.000.patch, HDFS-12284.001.patch, HDFS-12284.002.patch, > HDFS-12284.003.patch > > > HDFS Router should support Kerberos authentication and issuing / managing > HDFS delegation tokens. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org