hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-10911) hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
Date Fri, 29 Aug 2014 16:31:54 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115409#comment-14115409
] 

Alejandro Abdelnur edited comment on HADOOP-10911 at 8/29/14 4:30 PM:
----------------------------------------------------------------------

+1, pending jenkins. Greg, thanks for you patience and for doing all those combinations of
scenarios in the tests.


was (Author: tucu00):
+1. Greg, thanks for you patience and for doing all those combinations of scenarios in the
tests.

> hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10911
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Gregory Chanan
>         Attachments: HADOOP-10911-tests.patch, HADOOP-10911.patch, HADOOP-10911v2.patch,
HADOOP-10911v3.patch
>
>
> I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is unable to
authenticate with servers running the authentication filter), even with HADOOP-10710 applied.
> From my reading of the spec, the problem is as follows:
> Expires is not a valid directive according to the RFC, though it is mentioned for backwards
compatibility with netscape draft spec.  When httpclient sees "Expires", it parses according
to the netscape draft spec, but note from RFC2109:
> {code}
> Note that the Expires date format contains embedded spaces, and that "old" cookies did
not have quotes around values. 
> {code}
> and note that AuthenticationFilter puts quotes around the value:
> https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439
> So httpclient's parsing appears to be kosher.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message