hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangjin Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10670) Allow AuthenticationFilters to load secret from signature secret files
Date Thu, 26 Mar 2015 04:52:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381367#comment-14381367
] 

Sangjin Lee commented on HADOOP-10670:
--------------------------------------

I believe this breaks the RM. Prior to this JIRA, RMAuthenticationFilterInitializer threw
an exception only if security was enabled (see l.99):

{code}
95	      } catch (IOException ex) {		
96	        // if running in non-secure mode, this filter only gets added		
97	        // because the user has not setup his own filter so just generate		
98	        // a random secret. in secure mode, the user needs to setup security		
99	        if (UserGroupInformation.isSecurityEnabled()) {		
100	          throw new RuntimeException(		
101	            "Could not read HTTP signature secret file: " + signatureSecretFile);		
102	        }		
103	      } finally {		
104	        IOUtils.closeQuietly(reader);		
105	      }		
{code}

Now it appears that this check has been removed.

> Allow AuthenticationFilters to load secret from signature secret files
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-10670
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10670
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>             Fix For: 2.7.0
>
>         Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch, HADOOP-10670-v6.patch,
hadoop-10670-v2.patch, hadoop-10670-v3.patch, hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed to configure
AuthenticationFilter for the required signature secret by specifying signature.secret.file
property. This improvement would also allow this when AuthenticationFilterInitializer isn't
used in situations like webhdfs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message