hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10868) Create a ZooKeeper-backed secret provider
Date Thu, 11 Sep 2014 22:19:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14130807#comment-14130807

Alejandro Abdelnur commented on HADOOP-10868:

* getProviderClass(), in the {{if ("random".equals()}} block, shouldn’t se be setting randomSecret
to {{true}}.
* {{secretProvider = (SignerSecretProvider) providerClass.newInstance();}}, no need for the

* Why passing a FilterConfig, we need a ServletContext to retrieve context attributes? the
config already comes in the config properties.


* We should have 'ZOOKEEPER_AUTH_TYPE' to indicate if ZK authentication is required or not.
Supported values would be: none, userpassword, digest & sasl. Depending on the value the
ZK client auth conf should be done. Looks like in the patch you’ve done none and kerberos,
we can push userpassword and digest to a follow up JIRA, but the code should be refactored
in order to easily add a switch/case or if/else block.

*JaasConfiguration.java*: Please look at Hbase ZKUtil.JaasConfiguration, the following comments
follow what is done there.

* options should include {{put("refreshKrb5Config", "true")}}
* options should include {{put("debug", #a system property to trigger debugging")}}
* why do we have the set/remove/clear/get, I would pass them in the constructor, after that
the config is immutable.
* the JaasConfiguration instance should have a name and the {{getAppConfigurationEntry}} method
should only return config if the requested name matches.

> Create a ZooKeeper-backed secret provider
> -----------------------------------------
>                 Key: HADOOP-10868
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10868
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>         Attachments: HADOOP-10868.patch, HADOOP-10868.patch, HADOOP-10868.patch, HADOOP-10868.patch,
HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch
> Create a secret provider (see HADOOP-10791) that is backed by ZooKeeper and can synchronize
amongst different servers.

This message was sent by Atlassian JIRA

View raw message