hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10791) AuthenticationFilter should support externalizing the secret for signing and provide rotation support
Date Thu, 07 Aug 2014 15:00:27 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14089300#comment-14089300
] 

Hudson commented on HADOOP-10791:
---------------------------------

SUCCESS: Integrated in Hadoop-Mapreduce-trunk #1856 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1856/])
YARN-2388. Fixed TestTimelineWebServices failure due to HADOOP-10791. Contributed by Zhijie
Shen. (zjshen: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616405)
* /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java


> AuthenticationFilter should support externalizing the secret for signing and provide
rotation support
> -----------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10791
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10791
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Robert Kanter
>             Fix For: 2.6.0
>
>         Attachments: HADOOP-10791.patch, HADOOP-10791.patch, HADOOP-10791.patch, HADOOP-10791.patch
>
>
> It should be possible to externalize the secret used to sign the hadoop-auth cookies.
> In the case of WebHDFS the shared secret used by NN and DNs could be used. In the case
of Oozie HA, the secret could be stored in Oozie HA control data in ZooKeeper.
> In addition, it is desirable for the secret to change periodically, this means that the
AuthenticationService should remember a previous secret for the max duration of hadoop-auth
cookie.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message