Versions Compared

Old Version 4

changes.mady.by.user Gabor Somogyi

Saved on

compared with

New Version Current

changes.mady.by.user Gabor Somogyi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Page properties


Discussion threadhttps://lists.apache.org/thread/vgg5hbf5jljcxopfhb32w3l0wjoyko4o
Vote threadTODOhttps://lists.apache.org/thread/4bqc9nb5ktn8yhy9cgxp0cxnq2bqhtps
JIRA

Jira
serverASF JIRA
columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,customfield_12311032,customfield_12311037,customfield_12311022,customfield_12311027,priority,status,resolution
columnskey,summary,type,created,updated,due,assignee,reporter,Priority,Priority,Priority,Priority,priority,status,resolution
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keyFLINK-29918

Release1.1817


Motivation

The current delegation token framework supports mainly Kerberos authentication and Hadoop based tokens. This satisfies the use cases described in FLIP-211, however there are many non-hadoop compliant frameworks, where the authentication protocol is not Kerberos. The main motivation is to generalize the actual delegation token framework to make it authentication protocol agnostic. This change would open doors to implement providers for example for S3 (amongst many others).

...

  • security.delegation.tokens.renewal.retry.backoff needs to be added which falls back to has the same default value like security.kerberos.tokens.renewal.retry.backoff . Default value intended to be the same (1 hour).
  • security.delegation.tokens.renewal.time-ratio needs to be added which falls back has the same default value like security.kerberos.tokens.renewal.time-ratio . Default value intended to be the same (0.75).

Compatibility, Deprecation, and Migration Plan

...