hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Graves (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-8857) hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated
Date Fri, 01 Feb 2013 18:18:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Thomas Graves updated HADOOP-8857:
----------------------------------

    Fix Version/s: 0.23.7
    
> hadoop.http.authentication.signature.secret.file docs should not state that secret is
randomly generated
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8857
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8857
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Alejandro Abdelnur
>            Priority: Minor
>             Fix For: 0.23.7
>
>         Attachments: HADOOP-8857.patch
>
>
> The docs and default.xml state that the secret is randomly generated if the secret.file
is not present, this is incorrect as the secret must be shared across all nodes in the cluster
as it is used to verify the signature of the hadoop.auth cookie. If randomly generated it
would be diff in all nodes.
> ORIGINAL DESCRIPTION:
> AuthenticationFilterInitializer#initFilter fails if the configured {{hadoop.http.authentication.signature.secret.file}}
does not exist, eg:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file: /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with a string)
fixes the issue. Per the auth docs "If a secret is not provided a random secret is generated
at start up time.", which sounds like it means the file should be generated at startup with
a random secrete, which doesn't seem to be the case. Also the instructions in the docs should
be more clear in this regard.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message