Jonathan Maron created SLIDER-694:
-------------------------------------
Summary: Slider AM REST API trusted proxy support
Key: SLIDER-694
URL: https://issues.apache.org/jira/browse/SLIDER-694
Project: Slider
Issue Type: Task
Components: appmaster, security, Web & REST
Reporter: Jonathan Maron
Assignee: Jonathan Maron
Fix For: Slider 0.70
In order for Slider and Knox to work securely it must be possible to setup a
trust relationship between the two. This is commonly done in other Hadoop
ecosystem components using a combination of Kerberos/SPNego and a doas URL
query parameter. This provides a mechanism for AM to strongly authenticate Knox
as a trusted proxy, ensuring that it can trust the identity assertions made via
the doas query parameter. The links below provide some information describing
how this is done for core Hadoop. Also note that most components utilize Hadoop
core's reusable hadoop-auth module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
