...

  1. delegation.token.max.lifetime.ms : The token has a maximum lifetime beyond which it cannot be renewed any more. Default value 7 days.

  2. delegation.token.expiry.time.ms : The token validity time in seconds before the token needs to be renewed. Default value 1 day.

  3. delegation.token.master.key : MasterKey/secret used to generate and verify delegation tokens. This masterKey/secret needs to be configured on all the brokers. If the masterKey/secret is not set or is set to an empty string, brokers will disable the delegation token support.

...

TokenID:

  • Owner ID -- Username that this token will authenticate as
  • Renewers ID -- designated renewers list
  • Issue date -- timestamp (in msec) when this token was generated
  • Expiry date -- timestamp (in msec) at which this token expires
  • TokenUID -- Sequence number/UUID to ensure uniqueness

TokenAuthenticator(HMAC) := HMAC_SHA1(master key, TokenUID)

Authentication Token := (TokenID, TokenAuthenticator(HMAC))

Master Secret Key

The MasterKey/secret is used to generate and verify delegation tokens. It is supplied through a config option. This secret needs to be configured on all the brokers. The current proposal does not support rotation of the secret. If the secret is not set or is set to an empty string, brokers will disable the delegation token support. We require a re-deployment when the secret needs to be rotated.
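The token construction and master-secret handling described above, as an added Python sketch that is not part of the proposal or Kafka's own code. `TokenManager`, its in-memory token store, the rule that only listed renewers may renew, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass, replace

MAX_LIFETIME_MS = 7 * 86_400_000  # delegation.token.max.lifetime.ms default (7 days)
EXPIRY_TIME_MS = 1 * 86_400_000   # delegation.token.expiry.time.ms default (1 day)
@dataclass(frozen=True)
class TokenID:
    owner: str
    renewers: tuple
    issue_ms: int
    expiry_ms: int
    token_uid: str

class TokenManager:  # hypothetical name, not a Kafka class
    def __init__(self, master_key: bytes):
        self._key = master_key or b""
        self.enabled = bool(self._key)  # unset or empty secret disables tokens
        self._tokens = {}  # TokenUID -> TokenID, broker-side store (assumption)

    def _authenticator(self, token_uid: str) -> bytes:
        # TokenAuthenticator(HMAC) := HMAC_SHA1(master key, TokenUID)
        return hmac.new(self._key, token_uid.encode(), hashlib.sha1).digest()

    def create(self, owner, renewers, now_ms):
        if not self.enabled:
            raise RuntimeError("delegation tokens disabled: master key not set")
        tid = TokenID(owner, tuple(renewers), now_ms, now_ms + EXPIRY_TIME_MS, uuid.uuid4().hex)
        self._tokens[tid.token_uid] = tid
        return tid, self._authenticator(tid.token_uid)

    def verify(self, token_uid, mac, now_ms):
        # HMAC covers only TokenUID: owner and expiry come from the broker-side record.
        tid = self._tokens.get(token_uid)
        if not self.enabled or tid is None or now_ms >= tid.expiry_ms:
            return None
        if not hmac.compare_digest(mac, self._authenticator(token_uid)):  # constant-time
            return None
        return tid.owner  # the username this token authenticates as

    def renew(self, token_uid, mac, renewer, now_ms):
        tid = self._tokens.get(token_uid)
        if self.verify(token_uid, mac, now_ms) is None or renewer not in tid.renewers:
            raise PermissionError("renewal refused")
        # Renewal never extends past issue date + max lifetime.
        expiry = min(now_ms + EXPIRY_TIME_MS, tid.issue_ms + MAX_LIFETIME_MS)
        self._tokens[token_uid] = replace(tid, expiry_ms=expiry)
        return expiry
```

Because the authenticator is computed over the TokenUID alone, a verifier that trusted a client-supplied expiry or owner would accept altered values; the sketch therefore resolves those fields from its own record.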

...