hadoop-common-issues mailing list archives

From "Robert Kanter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10791) AuthenticationFilter should support externalizing the secret for signing and provide rotation support
Date Tue, 15 Jul 2014 17:03:06 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14062321#comment-14062321 ]

Robert Kanter commented on HADOOP-10791:
----------------------------------------

{quote}I assume you are going to use a single secret for all of the Hadoop services so that
you get single sign on.{quote}
I hadn't thought about this, but it sounds like a good idea.  I'm going to store the information
in a znode, so if you configure all Hadoop services to point to the same znode for their secret,
then they should all use the same secret.  

{quote}Are you going to need a separate server to update the secrets or are you going to have
the various servers pick a leader to roll the secrets?{quote}
I'm going to do neither.  Basically, at the rollover time, each server will "propose" a new
secret to use, but only one of them will succeed (because of the version number); then all
servers will use the secret of whichever one won.  I like this approach because even if they're
synchronized properly on the rollover, there's likely to be variance in when they actually
run the rollover code, so this ensures that there will always be a new secret; if the leader
is slower or later than the others, we'd have to handle that properly.  We also don't have
to worry about the leader dying at an inconvenient time.  If you want I can write up something
describing the design in more detail.

> AuthenticationFilter should support externalizing the secret for signing and provide
rotation support
> -----------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10791
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10791
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Robert Kanter
>
> It should be possible to externalize the secret used to sign the hadoop-auth cookies.
> In the case of WebHDFS the shared secret used by NN and DNs could be used. In the case
of Oozie HA, the secret could be stored in Oozie HA control data in ZooKeeper.
> In addition, it is desirable for the secret to change periodically; this means that the
AuthenticationService should remember a previous secret for the max duration of the hadoop-auth
cookie.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
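The rollover scheme sketched in the comment above (every server proposes a new secret with a versioned write to a shared znode, exactly one write wins, the others adopt the winner) together with the issue's requirement that the previous secret stay valid for the cookie lifetime, as an added, self-contained simulation. This is illustration code, not Robert Kanter's patch or any hadoop-auth code: the ZooKeeper client is replaced by an in-memory znode that enforces the same "write only if the version you read is still current" rule, and the JSON znode layout, the `token&s=mac` cookie shape and the HMAC-SHA256 signer are assumptions made for the example.

```python
"""Simulation of the HADOOP-10791 rollover proposal (example code, not the
Hadoop implementation). ZooKeeper is stood in for by InMemoryZNode; the znode
data layout, cookie format and MAC algorithm are assumptions of this example."""
import base64
import hashlib
import hmac
import json
import os
import threading


class BadVersionError(Exception):
    """Raised when a conditional write loses the race (ZooKeeper's BadVersion)."""


class InMemoryZNode:
    """One znode: data plus a version that increments on every write; set_data
    succeeds only if the caller's expected version matches the stored one."""

    def __init__(self, data):
        self.data = data
        self.version = 0
        self._lock = threading.Lock()

    def get(self):
        with self._lock:
            return self.data, self.version

    def set_data(self, data, expected_version):
        with self._lock:
            if expected_version != self.version:
                raise BadVersionError(f"expected {expected_version}, have {self.version}")
            self.data = data
            self.version += 1
            return self.version


def new_secret():
    return base64.b64encode(os.urandom(32)).decode()


def encode(current, previous):
    # Assumed layout: the znode carries the live secret and the one before it.
    return json.dumps({"current": current, "previous": previous}).encode()


class SecretProvider:
    """One Hadoop service's view of the shared signing secret."""

    def __init__(self, znode):
        self.znode = znode
        self.current = self.previous = None
        self.refresh()

    def refresh(self):
        data, _ = self.znode.get()
        parsed = json.loads(data)
        self.current, self.previous = parsed["current"], parsed["previous"]

    def rollover(self, observed=None):
        """Propose a fresh secret against the version this server observed.
        Returns True if the proposal won, False if another server's write landed
        first; in both cases the winning secret is adopted by refresh()."""
        data, version = observed or self.znode.get()
        old_current = json.loads(data)["current"]
        try:
            self.znode.set_data(encode(new_secret(), old_current), version)
            won = True
        except BadVersionError:
            won = False
        self.refresh()
        return won


def sign(provider, token):
    mac = hmac.new(provider.current.encode(), token.encode(), hashlib.sha256).hexdigest()
    return f"{token}&s={mac}"


def verify(provider, cookie):
    """Accept a cookie signed with the current secret or, inside the grace
    window of one rollover, with the previous one. Returns the token or None."""
    token, _, mac = cookie.rpartition("&s=")
    for secret in (provider.current, provider.previous):
        if secret is None:
            continue
        expected = hmac.new(secret.encode(), token.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(mac, expected):
            return token
    return None


def race_rollover(providers):
    """Worst-case interleaving: every server reads the znode before any of them
    writes. Exactly one conditional write can succeed; returns the winner count."""
    snapshots = [p.znode.get() for p in providers]
    return sum(p.rollover(snap) for p, snap in zip(providers, snapshots))


def simulate(n_servers=3):
    znode = InMemoryZNode(encode(new_secret(), None))
    servers = [SecretProvider(znode) for _ in range(n_servers)]
    cookie = sign(servers[0], "u=alice&t=kerberos")  # constructed sample token
    winners_first = race_rollover(servers)
    agree_first = len({s.current for s in servers}) == 1
    valid_after_one = verify(servers[-1], cookie) == "u=alice&t=kerberos"
    winners_second = race_rollover(servers)
    agree_second = len({s.current for s in servers}) == 1
    return {"winners_first": winners_first, "winners_second": winners_second,
            "all_agree": agree_first and agree_second,
            "old_cookie_valid_after_one_rollover": valid_after_one,
            "old_cookie_valid_after_two_rollovers": verify(servers[-1], cookie) is not None}
```

The point the simulation makes is the one argued in the comment: no leader and no separate rotation service are needed, because the znode version turns the simultaneous proposals into a single winner, and a server whose write lost simply re-reads and uses the winner's secret. It also shows the consequence of the issue's last paragraph: a cookie issued before a rollover keeps verifying through one rotation (the previous secret) and is rejected after two, so the rollover interval has to be at least the maximum cookie lifetime.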
