hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Junping Du (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10670) Allow AuthenticationFilters to load secret from signature secret files
Date Fri, 27 Mar 2015 15:38:54 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14384015#comment-14384015
] 

Junping Du commented on HADOOP-10670:
-------------------------------------

Gentlemen, just tracing from YARN test failures (TestDistributedShell) and found that this
patch break RM get started in insecure model which is very risky to 2.7. I just filed HADOOP-11763
and deliver a quick patch to fix it (comment out the default value of "hadoop.http.authentication.signature.secret.file").

I am not sure if we can find some better way (like comments above - "modify the RM to avoid
binding the filter when it is not in the secure mode") quickly. If not, let's go with the
easy way like HADOOP-11763, or we should revert the change here for 2.7 release.
CC to [~vinodkv].

> Allow AuthenticationFilters to load secret from signature secret files
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-10670
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10670
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>             Fix For: 2.7.0
>
>         Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch, HADOOP-10670-v6.patch,
hadoop-10670-v2.patch, hadoop-10670-v3.patch, hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed to configure
AuthenticationFilter for the required signature secret by specifying signature.secret.file
property. This improvement would also allow this when AuthenticationFilterInitializer isn't
used in situations like webhdfs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message