Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D14469D13 for ; Wed, 13 Jun 2012 11:43:51 +0000 (UTC) Received: (qmail 27355 invoked by uid 500); 13 Jun 2012 11:43:49 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 27018 invoked by uid 500); 13 Jun 2012 11:43:49 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 25963 invoked by uid 99); 13 Jun 2012 11:43:47 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2012 11:43:47 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id 537F014001F for ; Wed, 13 Jun 2012 11:43:47 +0000 (UTC) Date: Wed, 13 Jun 2012 11:43:47 +0000 (UTC) From: "Hudson (JIRA)" To: common-issues@hadoop.apache.org Message-ID: <807405194.12235.1339587827344.JavaMail.jiratomcat@issues-vm> In-Reply-To: <1513140608.28156.1338583223317.JavaMail.jiratomcat@issues-vm> Subject: [jira] [Commented] (HADOOP-8465) hadoop-auth should support ephemeral authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294375#comment-13294375 ] Hudson commented on HADOOP-8465: -------------------------------- Integrated in Hadoop-Hdfs-trunk #1075 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1075/]) HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613) Result = SUCCESS tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt > hadoop-auth should support ephemeral authentication > --------------------------------------------------- > > Key: HADOOP-8465 > URL: https://issues.apache.org/jira/browse/HADOOP-8465 > Project: Hadoop Common > Issue Type: New Feature > Components: security > Affects Versions: 2.0.1-alpha > Reporter: Alejandro Abdelnur > Assignee: Alejandro Abdelnur > Fix For: 2.0.1-alpha > > Attachments: HADOOP-8465.patch, HADOOP-8465.patch > > > Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan. > Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires. > This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time. > Having ephemeral authentication (which is check on every request) would address this issue. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira