Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
As discussed in the mailing list, we’d like to introduce Apache Kerby into Hadoop. Apache Kerby is a Kerberos centric project and aims to provide a first Java Kerberos library that contains both client and server supports. The relevant features include:
It supports full Kerberos encryption types aligned with both MIT KDC and MS AD; Client APIs to allow to login via password, credential cache, keytab file and etc.; Utilities for generate, operate and inspect keytab and credential cache files; A simple KDC server that borrows some ideas from Hadoop-MiniKDC and can be used in tests but with minimal overhead in external dependencies; A brand new token mechanism is provided, can be experimentally used, using it a JWT token can be used to exchange a TGT or service ticket; Anonymous PKINIT support, can be experientially used, as the first Java library that supports the Kerberos major extension.
Attachments
Issue Links
- requires
-
HADOOP-13014 Add the MiniKdcService in Hadoop
- Open
-
HADOOP-13015 Implement kinit command execution facility in Java by leveraging Apache Kerby
- Open
-
HADOOP-12911 Upgrade Hadoop MiniKDC with Kerby
- Resolved
-
HADOOP-13027 Add unit test for MiniKDC to issue tickets for >1 persons in the same instance
- Open