hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8043) KerberosAuthenticationFilter and friends have some problems
Date Thu, 09 Feb 2012 23:21:59 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13205027#comment-13205027

Alejandro Abdelnur commented on HADOOP-8043:

Ok, so #2 should be a backport of what is in branch-1.0.

Thanks for explaining why you moved the login-context initialization from the init() to the
authenticate() method. The current code does not ask for local hostname to create the principal,
it gets it from the config file. You should set the right principal in the config file. In
your patch you are doing the initialization only once (if NULL); first you could have race
condition here having a double initialization; second if different request may come with different
hostnames because of your vip, then your patch won't work.

It would be great if you explain what is the problem in detail as I may be missing something
here. Also, the problem would be in trunk as well, so we should fix it there as well.

Thanks and regards.

> KerberosAuthenticationFilter and friends have some problems
> -----------------------------------------------------------
>                 Key: HADOOP-8043
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8043
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.0.0
>            Reporter: Allen Wittenauer
>            Priority: Critical
>         Attachments: HADOOP-8043-branch-1.0.txt
> KerberosAuthenticationFilter and friends have three killer usability issues and bugs:
> 1. Documentation is misleading/wrong.
> 2. Shared secret stored in a world readable file.
> 3. Lacks support for _HOST macro

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message