Robert Joseph Evans created STORM-2898:
------------------------------------------
Summary: Strom should support auth through delegation tokens for
workers
Key: STORM-2898
URL: https://issues.apache.org/jira/browse/STORM-2898
Project: Apache Storm
Issue Type: New Feature
Components: storm-client, storm-server
Affects Versions: 2.0.0
Reporter: Robert Joseph Evans
Assignee: Robert Joseph Evans
There are a lot of cases where it would be great for a worker to be able to
communicate directly to nimbus, supervisors, or drpc servers in a secure way
out of the box.
This is currently a pain to make work. The user has to ship a TGT with their
topology, and continually keep it up to date with credentials-push. They also
need a kind of hacked up jaas.conf to grab the TGT from AutoTGT and put it in
the place that he client wants it.
We should just generate a signed data structure (aka delegation token from
hadoop) that we can had off to the topologies to use when talking to nimbus, a
supervisor, or drpc servers.
We may want to split up the different services from each other to make an
attack against one not hit all of them, but that is something we can think
about with the design of this.
I will try to come up with a design shortly.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
