hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10670) Allow AuthenticationFilters to load secret from signature secret files
Date Thu, 26 Mar 2015 06:37:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381460#comment-14381460
] 

Kai Zheng commented on HADOOP-10670:
------------------------------------

Not binding the filter when not in secure mode in RM may be a little risk. How about this,
remove the signature file property instead ? I thought it's easy done in much safer.

> Allow AuthenticationFilters to load secret from signature secret files
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-10670
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10670
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>             Fix For: 2.7.0
>
>         Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch, HADOOP-10670-v6.patch,
hadoop-10670-v2.patch, hadoop-10670-v3.patch, hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed to configure
AuthenticationFilter for the required signature secret by specifying signature.secret.file
property. This improvement would also allow this when AuthenticationFilterInitializer isn't
used in situations like webhdfs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message