hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eli Collins (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8857) hadoop.http.authentication.signature.secret.file should be created if the configured file does not exist
Date Tue, 02 Oct 2012 17:03:07 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467865#comment-13467865
] 

Eli Collins commented on HADOOP-8857:
-------------------------------------

We should be able to get away with that, IIUC the only reason to save the randomly generated
bytes was for users that need to share the secret across hosts, but we can require they generate
their own secret.
                
> hadoop.http.authentication.signature.secret.file should be created if the configured
file does not exist
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8857
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8857
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Owen O'Malley
>            Priority: Minor
>
> AuthenticationFilterInitializer#initFilter fails if the configured {{hadoop.http.authentication.signature.secret.file}}
does not exist, eg:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file: /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with a string)
fixes the issue. Per the auth docs "If a secret is not provided a random secret is generated
at start up time.", which sounds like it means the file should be generated at startup with
a random secrete, which doesn't seem to be the case. Also the instructions in the docs should
be more clear in this regard.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message