Date: Fri, 25 Jan 2013 17:29:13 +0000 (UTC)
From: "Alejandro Abdelnur (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Updated] (HADOOP-8857) hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated

     [ https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alejandro Abdelnur updated HADOOP-8857:
---------------------------------------

      Resolution: Fixed
        Assignee: Alejandro Abdelnur  (was: Owen O'Malley)
    Hadoop Flags: Reviewed
          Status: Resolved  (was: Patch Available)

Committed to trunk and branch-2.

> hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8857
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8857
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Alejandro Abdelnur
>            Priority: Minor
>         Attachments: HADOOP-8857.patch
>
>
> The docs and default.xml state that the secret is randomly generated if the secret.file is not present; this is incorrect, as the secret must be shared across all nodes in the cluster because it is used to verify the signature of the hadoop.auth cookie. If randomly generated it would be different in all nodes.
> ORIGINAL DESCRIPTION:
> AuthenticationFilterInitializer#initFilter fails if the configured {{hadoop.http.authentication.signature.secret.file}} does not exist, e.g.:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file: /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with a string) fixes the issue. Per the auth docs "If a secret is not provided a random secret is generated at start up time.", which sounds like it means the file should be generated at startup with a random secret, which doesn't seem to be the case. Also the instructions in the docs should be more clear in this regard.
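
Added illustration, not part of the JIRA message and not Hadoop's own code: the description's point that a secret generated randomly on each node cannot verify a signed cookie issued by another node, shown with a stand-in HMAC-SHA256 signer. The cookie layout, the sample token, the file name and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

SEP = "&s="  # value/signature separator (assumed layout for this sketch)

def load_secret(path):
    """Read the shared secret; refuse to start on a missing or empty file."""
    try:
        with open(path, "rb") as fh:
            secret = fh.read().strip()
    except OSError as exc:
        raise RuntimeError(f"Could not read HTTP signature secret file: {path}") from exc
    if not secret:
        raise RuntimeError(f"HTTP signature secret file is empty: {path}")
    return secret

def _mac(value, secret):
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()

def sign(value, secret):
    return f"{value}{SEP}{_mac(value, secret)}"

def verify(cookie, secret):
    """Return the value if the signature matches this node's secret, else None."""
    value, sep, mac = cookie.rpartition(SEP)
    if not sep:
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(value, secret).encode())
    return value if ok else None

def demo():
    token = "user=alice;expires=1359135000"  # constructed sample token
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "http-auth-signature-secret")
        with open(path, "w") as fh:
            fh.write(secrets.token_hex(32))  # generated once, then copied to every node
        node_a, node_b = load_secret(path), load_secret(path)
    shared_ok = verify(sign(token, node_a), node_b) == token
    # Each node inventing its own secret at startup: node B rejects node A's cookie.
    rand_a, rand_b = secrets.token_bytes(32), secrets.token_bytes(32)
    random_ok = verify(sign(token, rand_a), rand_b) == token
    return shared_ok, random_ok

if __name__ == "__main__":
    print(demo())
```
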