hadoop-common-issues mailing list archives

From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10868) Create a ZooKeeper-backed secret provider
Date Thu, 11 Sep 2014 22:19:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14130807#comment-14130807 ]

Alejandro Abdelnur commented on HADOOP-10868:
---------------------------------------------

*AuthenticationFilter.java:*
* getProviderClass(), in the {{if ("random".equals()}} block, shouldn’t we be setting randomSecret
to {{true}}?
* {{secretProvider = (SignerSecretProvider) providerClass.newInstance();}}, no need for the
casting.

*SignerSecretProvider.java*:
* Why passing a FilterConfig, we need a ServletContext to retrieve context attributes? The
config already comes in the config properties.

*ZKSignerSecretProvider.java*:

* We should have 'ZOOKEEPER_AUTH_TYPE' to indicate if ZK authentication is required or not.
Supported values would be: none, userpassword, digest & sasl. Depending on the value the
ZK client auth conf should be done. Looks like in the patch you’ve done none and kerberos,
we can push userpassword and digest to a follow up JIRA, but the code should be refactored
in order to easily add a switch/case or if/else block.

*JaasConfiguration.java*: Please look at HBase ZKUtil.JaasConfiguration, the following comments
follow what is done there.

* options should include {{put("refreshKrb5Config", "true")}}
* options should include {{put("debug", #a system property to trigger debugging")}}
* why do we have the set/remove/clear/get, I would pass them in the constructor, after that
the config is immutable.
* the JaasConfiguration instance should have a name and the {{getAppConfigurationEntry}} method
should only return config if the requested name matches.


> Create a ZooKeeper-backed secret provider
> -----------------------------------------
>
>                 Key: HADOOP-10868
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10868
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>         Attachments: HADOOP-10868.patch, HADOOP-10868.patch, HADOOP-10868.patch, HADOOP-10868.patch, HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch, HADOOP-10868_branch-2.patch
>
>
> Create a secret provider (see HADOOP-10791) that is backed by ZooKeeper and can synchronize amongst different servers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
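
Added example, not part of the original message or of the HADOOP-10868 patch: a sketch of a JAAS configuration with the properties the JaasConfiguration.java review points ask for (options fixed in the constructor, {{refreshKrb5Config}} set, {{debug}} driven by a system property, entries returned only for the matching name). The class name, the {{example.jaas.debug}} property and the sample principal, keytab path and entry name are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/** Immutable, named JAAS configuration for a keytab-based Kerberos login (added example). */
public final class NamedKerberosJaasConfiguration extends Configuration {
  // Hypothetical system property used to switch on login-module debugging.
  static final String DEBUG_PROPERTY = "example.jaas.debug";
  // Login module class on Oracle/OpenJDK JVMs; other vendors ship a different class.
  private static final String KRB5_MODULE = "com.sun.security.auth.module.Krb5LoginModule";

  private final String entryName;
  private final AppConfigurationEntry[] entries;

  public NamedKerberosJaasConfiguration(String entryName, String principal, String keytab) {
    this.entryName = entryName;
    // All options are fixed here; there are no set/remove/clear methods afterwards.
    Map<String, String> options = new HashMap<>();
    options.put("principal", principal);
    options.put("keyTab", keytab);
    options.put("useKeyTab", "true");
    options.put("storeKey", "true");
    options.put("useTicketCache", "false");
    options.put("refreshKrb5Config", "true");
    options.put("debug", String.valueOf(Boolean.getBoolean(DEBUG_PROPERTY)));
    this.entries = new AppConfigurationEntry[] {
      new AppConfigurationEntry(KRB5_MODULE, LoginModuleControlFlag.REQUIRED,
          Collections.unmodifiableMap(options))
    };
  }

  @Override
  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    // Answer only for our own entry name; null tells JAAS no such entry exists.
    return entryName.equals(name) ? entries.clone() : null;
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from the patch.
    Configuration conf = new NamedKerberosJaasConfiguration(
        "Client", "svc/host.example.com@EXAMPLE.COM", "/etc/security/keytabs/svc.keytab");
    System.out.println(conf.getAppConfigurationEntry("Client")[0].getOptions());
    System.out.println(conf.getAppConfigurationEntry("Other")); // prints null
  }
}
```

Returning {{null}} for any other name keeps this configuration from silently supplying Kerberos credentials to an unrelated login context in the same JVM.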
