hadoop-common-issues mailing list archives

From "Karthik Kambatla (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10453) Do not use AuthenticatedURL in hadoop core
Date Wed, 16 Jul 2014 21:43:07 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karthik Kambatla updated HADOOP-10453:
--------------------------------------

    Target Version/s: 2.6.0  (was: 2.5.0)

(Moving this out of 2.5)

We can continue this conversation and handle this in 2.6. 

> Do not use AuthenticatedURL in hadoop core
> ------------------------------------------
>
>                 Key: HADOOP-10453
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10453
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Haohui Mai
>            Priority: Blocker
>
> As [~daryn] has suggested in HDFS-4564:
> {quote}
> AuthenticatedURL is not used because it is buggy in part to causing replay attacks, double attempts to kerberos authenticate with the fallback authenticator if the TGT is expired, incorrectly uses the fallback authenticator (required by oozie servers) to add the username parameter which webhdfs has already included in the uri.
> AuthenticatedURL's attempt to do SPNEGO auth is a no-op because the JDK transparently does SPNEGO when the user's Subject (UGI) contains kerberos principals. Since AuthenticatedURL is now not used, webhdfs has to check the TGT itself for token operations.
> Bottom line is AuthenticatedURL is unnecessary and introduces nothing but problems for webhdfs. It's only useful for oozie's anon/non-anon support.
> {quote}
> However, several functionalities that rely on SPNEGO in secure mode suffer from the same problem. For example, NNs / JNs create HTTP connections to exchange fsimage and edit logs. Currently all of them are through {{AuthenticatedURL}}. This needs to be fixed to avoid security vulnerabilities.
> This jira proposes to remove {{AuthenticatedURL}} from hadoop core and to move it to oozie.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
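Added example (editor's illustration, not code from HADOOP-10453, Hadoop or Oozie): what "the JDK transparently does SPNEGO when the user's Subject contains kerberos principals" and "webhdfs has to check the TGT itself" look like in plain JDK calls. The client inspects its own Subject for a krbtgt ticket and refuses to open the connection if that ticket has expired; the request itself is a bare HttpURLConnection run under Subject.doAs, so the JDK's built-in Negotiate handling answers the server's 401 with no AuthenticatedURL in the path. The realm EXAMPLE.COM, the principal names, the NameNode URL and the ticket bytes are constructed test data; the TGT check runs without a KDC, the HTTP call is only illustrative and is refused here before any network I/O happens.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

/** Illustration only: TGT check plus SPNEGO via the JDK, with no AuthenticatedURL. */
public class TgtCheck {

    /** Returns the TGT (krbtgt/REALM@REALM) held in the Subject, or null if there is none. */
    static KerberosTicket findTgt(Subject subject) {
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            KerberosPrincipal server = t.getServer();
            String realm = server.getRealm();
            if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
                return t;
            }
        }
        return null;
    }

    /** True only if the Subject holds a TGT whose end time has not passed. */
    static boolean hasCurrentTgt(Subject subject) {
        KerberosTicket tgt = findTgt(subject);
        return tgt != null && tgt.isCurrent();
    }

    /**
     * Issues the request as the Subject. With javax.security.auth.useSubjectCredsOnly=true
     * (the JDK default), HttpURLConnection answers a 401 "WWW-Authenticate: Negotiate" from
     * the Subject's Kerberos credentials on its own; the caller only has to make sure those
     * credentials are still valid, which is the check the quoted comment says webhdfs must do.
     */
    static int getAs(Subject subject, URL url) throws Exception {
        if (!hasCurrentTgt(subject)) {
            throw new IllegalStateException("no current TGT in Subject; re-login before using SPNEGO");
        }
        return Subject.doAs(subject, (PrivilegedExceptionAction<Integer>) () -> {
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("GET");
            return conn.getResponseCode();
        });
    }

    /** Builds a Subject carrying a constructed (fake) TGT that expires at endTime. */
    static Subject subjectWithTgt(String user, String realm, Date endTime) {
        KerberosPrincipal client = new KerberosPrincipal(user + "@" + realm);
        KerberosPrincipal krbtgt = new KerberosPrincipal("krbtgt/" + realm + "@" + realm);
        Date now = new Date();
        KerberosTicket tgt = new KerberosTicket(
                new byte[] {0x61},  // placeholder bytes, not a real ASN.1 encoded ticket
                client, krbtgt,
                new byte[16], 17,   // placeholder session key, etype 17 (aes128-cts-hmac-sha1-96)
                null,               // no ticket flags set, so renewTill may be null
                now, now, endTime, null, null);
        Subject s = new Subject();
        s.getPrincipals().add(client);
        s.getPrivateCredentials().add(tgt);
        return s;
    }

    public static void main(String[] args) throws Exception {
        long hour = 3600_000L;
        Subject fresh = subjectWithTgt("hdfs", "EXAMPLE.COM", new Date(System.currentTimeMillis() + hour));
        Subject stale = subjectWithTgt("hdfs", "EXAMPLE.COM", new Date(System.currentTimeMillis() - hour));
        System.out.println("fresh Subject has current TGT: " + hasCurrentTgt(fresh));
        System.out.println("stale Subject has current TGT: " + hasCurrentTgt(stale));

        // Constructed URL; the stale Subject is rejected before any connection is opened.
        URL tokenOp = new URL("http://nn.example.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN");
        try {
            getAs(stale, tokenOp);
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The fresh Subject passes the check and the stale one is refused before Subject.doAs runs. Doing the expiry check up front is what avoids the behaviour the quote describes, a second authentication attempt with the fallback authenticator after the Kerberos one fails on an expired TGT: the client either has usable Kerberos credentials or re-logs in, and never silently downgrades.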
