hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12050) Enable MaxInactiveInterval for hadoop http auth token
Date Fri, 26 Jun 2015 00:05:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602158#comment-14602158
] 

Benoy Antony commented on HADOOP-12050:
---------------------------------------

Thanks for working on this,  [~hzlu] . A few comments on the patch.

1. Please add test cases to test the following scenarios
    a. Both expiry period and InActiveInterval are not reached.
   b. Expiry period is reached, InActiveInterval is not reached
   c. Expiry period is not reached, InActiveInterval is reached
   d. Both expiry period and InActiveInterval are reached.

2. Update the http auth documentation with enhancements introduced in HADOOP-12049 and HADOOP-12050.

3. A nit: change maxInactive to maxInActive  (camel case).
 


> Enable MaxInactiveInterval for hadoop http auth token
> -----------------------------------------------------
>
>                 Key: HADOOP-12050
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12050
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Benoy Antony
>            Assignee: hzlu
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-12050.002.patch
>
>
> During http authentication, a cookie which contains the authentication token is dropped.
The expiry time of the authentication token can be configured via hadoop.http.authentication.token.validity.
The default value is 10 hours.
> For clusters which require enhanced security, it is desirable to have a configurable
MaxInActiveInterval for the authentication token. If there is no activity during MaxInActiveInterval,
the authentication token will be invalidated. 
> The MaxInActiveInterval will be less than hadoop.http.authentication.token.validity.
The default value will be 30 minutes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message