...
The diagram below shows the steps required to use delegation tokens.
ACL
Currently, we allow a user to create a delegation token only for that same user. Renew and expire requests should come from the owner or the renewers of the token, so we don't need ACLs for create/renew/expire requests.
For describe, we can add a DESCRIBE operation on the Token resource. In the future, when we extend the support to allow a user to acquire delegation tokens for other users, we can enable the CREATE/DELETE operations.
Operation | Resource | API |
---|---|---|
DESCRIBE | Token | describeTokens |
CREATE | Token | createToken (Will be introduced in a future release) |
DELETE | Token | deleteToken (Will be introduced in a future release) |
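
The rules in this section, modelled as an added Python example (not code from Kafka or from this proposal): create is self-only, renew/expire is owner-or-renewer with no ACL lookup, and describe is granted by a DESCRIBE ACL on the Token resource. The class and function names, the `*` wildcard, and the rule that owners and renewers can describe their own tokens without an ACL are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    token_id: str
    owner: str
    renewers: frozenset = frozenset()

@dataclass(frozen=True)
class Acl:
    principal: str
    operation: str   # only "DESCRIBE" is honoured; CREATE/DELETE are future work
    token_id: str    # "*" matches every token (wildcard is an assumption)

def may_create(requester: str, owner: str) -> bool:
    """A user may create a token only for itself; no ACL is consulted."""
    return requester == owner

def may_renew_or_expire(requester: str, token: Token) -> bool:
    """Only the owner or a listed renewer; ACLs never widen this."""
    return requester == token.owner or requester in token.renewers

def may_describe(requester: str, token: Token, acls) -> bool:
    """Owner/renewer (assumed implicit), else a DESCRIBE ACL on the Token resource."""
    if may_renew_or_expire(requester, token):
        return True
    return any(a.principal == requester and a.operation == "DESCRIBE"
               and a.token_id in ("*", token.token_id) for a in acls)

def describe_tokens(requester: str, tokens, acls):
    """Model of describeTokens: return only the token ids the requester may see."""
    return sorted(t.token_id for t in tokens if may_describe(requester, t, acls))

# Constructed sample data, not taken from the page.
TOKENS = [Token("t1", "User:alice", frozenset({"User:scheduler"})),
          Token("t2", "User:bob")]
ACLS = [Acl("User:auditor", "DESCRIBE", "*"),
        Acl("User:carol", "DESCRIBE", "t2"),
        Acl("User:dave", "CREATE", "*")]  # grants nothing: CREATE is not enabled yet

if __name__ == "__main__":
    for who in ("User:alice", "User:scheduler", "User:auditor",
                "User:carol", "User:dave"):
        print(who, describe_tokens(who, TOKENS, ACLS))
```

Note that a DESCRIBE grant gives visibility only: the auditor principal can list both tokens but still fails the renew/expire check.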
Q/A
Q1. Is there any dependency on Hadoop APIs/Libraries?
...