hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10670) Allow AuthenticationFilter to respect signature secret file even without AuthenticationFilterInitializer
Date Fri, 13 Jun 2014 17:31:02 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030873#comment-14030873
] 

Alejandro Abdelnur commented on HADOOP-10670:
---------------------------------------------

* {{String signatureSecretFile = config.getProperty(SIGNATURE_SECRET_FILE);}}, the property
name should be prefixed with {{configPrefix +}}.

* Using a secret file is more secure than having the secret inline in the configuration. The
secret file should have precedence over the inline secret. The inline secret should be deprecated,
we should print a warning on that.

Do we have a testcase for this in the {{AuthenticationFilterInitializer}} tests? if so, we
should move them to the {{AuthenticationFilter}} tests.

Other than that, looks good.


> Allow AuthenticationFilter to respect signature secret file even without AuthenticationFilterInitializer
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10670
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10670
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>         Attachments: hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed to configure
AuthenticationFilter for the required signature secret by specifying signature.secret.file
property. This improvement would also allow this when AuthenticationFilterInitializer isn't
used in situations like webhdfs.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message