[
https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049403#comment-14049403
]
Larry McCay commented on HADOOP-10769:
--------------------------------------
Relegating a provider to being plugged into KMS which will require delegation
tokens and whatever the external provider needs in the first place defeats the
purpose of a generic KeyProvider API. In fact, I'm not sure how you would
accommodate such a provider to begin with.
Also, making them wrap their token would be unnecessary and potentially not
enough. There may even be need for other context values for a given provider.
> Add getDelegationToken() method to KeyProvider
> ----------------------------------------------
>
> Key: HADOOP-10769
> URL: https://issues.apache.org/jira/browse/HADOOP-10769
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
>
> The KeyProvider API needs to return delegation tokens to enable access to the
> KeyProvider from processes without Kerberos credentials (ie Yarn containers).
> This is required for HDFS encryption and KMS integration.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
