Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 46CC01147C for ; Tue, 22 Apr 2014 14:48:25 +0000 (UTC) Received: (qmail 27791 invoked by uid 500); 22 Apr 2014 14:48:15 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 27703 invoked by uid 500); 22 Apr 2014 14:48:15 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 27693 invoked by uid 99); 22 Apr 2014 14:48:15 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Apr 2014 14:48:15 +0000 Date: Tue, 22 Apr 2014 14:48:15 +0000 (UTC) From: "Christopher Tubbs (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (ACCUMULO-1165) Use a unique SystemToken (credentials) for each server instance (TServer, etc.) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christopher Tubbs updated ACCUMULO-1165: ---------------------------------------- Assignee: (was: Christopher Tubbs) > Use a unique SystemToken (credentials) for each server instance (TServer, etc.) > ------------------------------------------------------------------------------- > > Key: ACCUMULO-1165 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1165 > Project: Accumulo > Issue Type: Improvement > Components: tserver > Reporter: Christopher Tubbs > > Each component should use unique system credentials, and those credentials should only be valid while a tablet server (or other component) holds a lock in zookeeper. > This behavior more accurately reflects the security model for system components, and may be able to help reduce or eliminate the possibility of multiple-assignment. It could also help prevent problems of other "half-dead" components that have lost their lock (such as a master), by adding an authentication check for the master in the tablet servers. > It's important to realize that this ticket doesn't necessarily improve security (any component with access to the configuration secret can fake it the lock ID), but it does provide additional sanity checks by authenticating individual system components, and improves the handling of failure conditions. -- This message was sent by Atlassian JIRA (v6.2#6252)