accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vines (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1028) Distinguish the user principal from the authentication token
Date Mon, 04 Feb 2013 18:16:12 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13570466#comment-13570466
] 

John Vines commented on ACCUMULO-1028:
--------------------------------------

I am an advocate of the generic INVALID_TOKEN. Having the Authenticator attempt to treat the
byte blob as a serialized token that it's expected and throwing INVALID_TOKEN if it cannot
deserialize it is the way I think it should be handled. This is how Kerberos works as well-
if it can decrypt the blob, hooray, otherwise failure.

Additionally, by putting in this type of serialization has a security flaw that Eric pointed
out. It allows a user who has the ability to write to the reloadable class directory to execute
arbitrary code. Currently this is not possible unless that user ALSO has login credentials
to the Accumulo instance.
                
> Distinguish the user principal from the authentication token
> ------------------------------------------------------------
>
>                 Key: ACCUMULO-1028
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1028
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: master, tserver
>            Reporter: Christopher Tubbs
>            Assignee: John Vines
>             Fix For: 1.5.0
>
>
> The user principal is something that uniquely identifies a user. An authentication token
is the item that authenticates the user principal, may be temporal, and may vary. It is not
clear from the implementation of ACCUMULO-259 that these are separate things, and I think
it would benefit the API to distinguish them.
> It could also simplify the API, for users transitioning from the old authentication stuff
to the new authentication stuff, because there would be a one-to-one mapping with the username/password
with which they are familiar:
> {code:java}
> public Connector getConnector(String username, byte[] password);
> {code}
> becomes
> {code:java}
> public <T extends AuthToken> Connector getConnector(Principal userPrincipal, T
authToken);
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message