hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10453) Do not use AuthenticatedURL in hadoop core
Date Fri, 18 Jul 2014 01:53:30 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aaron T. Myers updated HADOOP-10453:
------------------------------------

    Priority: Major  (was: Blocker)

I'm lowering the prio of this from major. I think we all agree that it's an issue that we
should address, but I see no reason this should be considered a blocker.

> Do not use AuthenticatedURL in hadoop core
> ------------------------------------------
>
>                 Key: HADOOP-10453
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10453
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Haohui Mai
>
> As [~daryn] has suggested in HDFS-4564:
> {quote}
> AuthenticatedURL is not used because it is buggy in part to causing replay attacks, double
attempts to kerberos authenticate with the fallback authenticator if the TGT is expired, incorrectly
uses the fallback authenticator (required by oozie servers) to add the username parameter
which webhdfs has already included in the uri.
> AuthenticatedURL's attempt to do SPNEGO auth is a no-op because the JDK transparently
does SPNEGO when the user's Subject (UGI) contains kerberos principals. Since AuthenticatedURL
is now not used, webhdfs has to check the TGT itself for token operations.
> Bottom line is AuthenticatedURL is unnecessary and introduces nothing but problems for
webhdfs. It's only useful for oozie's anon/non-anon support.
> {quote}
> However, several functionalities that relies on SPNEGO in secure mode suffer from the
same problem. For example, NNs / JNs create HTTP connections to exchange fsimage and edit
logs. Currently all of them are through {{AuthenticatedURL}}. This needs to be fixed to avoid
security vulnerabilities.
> This jira purposes to remove {{AuthenticatedURL}} from hadoop core and to move it to
oozie.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message