Return-Path: Delivered-To: apmail-hadoop-common-dev-archive@www.apache.org Received: (qmail 60384 invoked from network); 20 Dec 2010 23:19:27 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 20 Dec 2010 23:19:27 -0000 Received: (qmail 34557 invoked by uid 500); 20 Dec 2010 23:19:26 -0000 Delivered-To: apmail-hadoop-common-dev-archive@hadoop.apache.org Received: (qmail 34457 invoked by uid 500); 20 Dec 2010 23:19:25 -0000 Mailing-List: contact common-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-dev@hadoop.apache.org Received: (qmail 34289 invoked by uid 99); 20 Dec 2010 23:19:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Dec 2010 23:19:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Dec 2010 23:19:23 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id oBKNJ2la006154 for ; Mon, 20 Dec 2010 23:19:02 GMT Message-ID: <32481491.225821292887142163.JavaMail.jira@thor> Date: Mon, 20 Dec 2010 18:19:02 -0500 (EST) From: "Todd Lipcon (JIRA)" To: common-dev@hadoop.apache.org Subject: [jira] Created: (HADOOP-7070) JAAS configuration should delegate unknown application names to pre-existing configuration MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org JAAS configuration should delegate unknown application names to pre-existing configuration ------------------------------------------------------------------------------------------ Key: HADOOP-7070 URL: https://issues.apache.org/jira/browse/HADOOP-7070 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 0.22.0, 0.23.0 Reporter: Todd Lipcon Assignee: Todd Lipcon Priority: Critical As reported here: https://issues.cloudera.org/browse/DISTRO-66 it is impossible to use secured Hadoop inside an application that relies on other JAAS configurations. This is because the static initializer of UserGroupInformation replaces the JAAS configuration, but we don't delegate unknown applications up to whatever Configuration was installed previously. The delegation technique seems to be used by JBoss's XMLLoginConfigImpl for example. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.