[
https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049276#comment-14049276
]
Alejandro Abdelnur commented on HADOOP-10769:
---------------------------------------------
[~lmccay], this is required for any distributed implementation of the
KeyProvider to work.
This is exactly what Hadoop {{FileSystem}} API does, the base {{FileSystem}}
has the following method:
{code}
public Token<?> getDelegationToken(String renewer) throws IOException {
return null;
}
{code}
If this is specific to a provider impl, then HDFS would have to cast to the
specific provider impl to get it, which is not good.
> Add getDelegationToken() method to KeyProvider
> ----------------------------------------------
>
> Key: HADOOP-10769
> URL: https://issues.apache.org/jira/browse/HADOOP-10769
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
>
> The KeyProvider API needs to return delegation tokens to enable access to the
> KeyProvider from processes without Kerberos credentials (ie Yarn containers).
> This is required for HDFS encryption and KMS integration.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
