Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 375A911708 for ; Mon, 4 Aug 2014 22:39:13 +0000 (UTC) Received: (qmail 45074 invoked by uid 500); 4 Aug 2014 22:39:13 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 45028 invoked by uid 500); 4 Aug 2014 22:39:12 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 45016 invoked by uid 99); 4 Aug 2014 22:39:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Aug 2014 22:39:12 +0000 Date: Mon, 4 Aug 2014 22:39:12 +0000 (UTC) From: "Hadoop QA (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-10791) AuthenticationFilter should support externalizing the secret for signing and provide rotation support MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14085425#comment-14085425 ] Hadoop QA commented on HADOOP-10791: ------------------------------------ {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12659739/HADOOP-10791.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 6 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-common-project/hadoop-auth hadoop-hdfs-project/hadoop-hdfs-httpfs. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4422//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4422//console This message is automatically generated. > AuthenticationFilter should support externalizing the secret for signing and provide rotation support > ----------------------------------------------------------------------------------------------------- > > Key: HADOOP-10791 > URL: https://issues.apache.org/jira/browse/HADOOP-10791 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.4.1 > Reporter: Alejandro Abdelnur > Assignee: Robert Kanter > Attachments: HADOOP-10791.patch, HADOOP-10791.patch, HADOOP-10791.patch, HADOOP-10791.patch > > > It should be possible to externalize the secret used to sign the hadoop-auth cookies. > In the case of WebHDFS the shared secret used by NN and DNs could be used. In the case of Oozie HA, the secret could be stored in Oozie HA control data in ZooKeeper. > In addition, it is desirable for the secret to change periodically, this means that the AuthenticationService should remember a previous secret for the max duration of hadoop-auth cookie. -- This message was sent by Atlassian JIRA (v6.2#6252)