hadoop-common-issues mailing list archives

From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-15162) UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
Date Sat, 06 Jan 2018 00:13:00 GMT
Eric Yang created HADOOP-15162:
----------------------------------

             Summary: UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
                 Key: HADOOP-15162
                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Eric Yang


{{UserGroupInformation.createRemoteUser(String user)}} has its authentication method hard-coded
to SIMPLE by HADOOP-10683.  This bypasses the proxyuser ACL check and the isSecurityEnabled check, and
allows the caller to impersonate anyone.  This method could be abused in the main code base,
which can cause parts of Hadoop to become insecure without a proxyuser check in both SIMPLE
and Kerberos-enabled environments.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
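
The contrast the report describes, as an added example that is not part of the original message or of Hadoop's own code: `createRemoteUser` accepts any name, while `createProxyUser` followed by `ProxyUsers.authorize` subjects the same request to the `hadoop.proxyuser.*` ACLs. The class name, the `unchecked`/`checked` helpers, the users `alice` and `bob` and the ACL values are constructed for illustration; it assumes hadoop-common on the classpath.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

public class ImpersonationCheck {

  // Unchecked path from the report: the supplied name is trusted as-is.
  // No proxyuser ACL lookup and no isSecurityEnabled() test is involved.
  static UserGroupInformation unchecked(String requestedUser) {
    return UserGroupInformation.createRemoteUser(requestedUser);
  }

  // Checked path: the authenticated caller (realUser) asks to act as
  // requestedUser, and the hadoop.proxyuser.* ACLs decide whether it may.
  static UserGroupInformation checked(String requestedUser,
      UserGroupInformation realUser, String remoteAddr)
      throws AuthorizationException {
    UserGroupInformation proxy =
        UserGroupInformation.createProxyUser(requestedUser, realUser);
    ProxyUsers.authorize(proxy, remoteAddr); // throws if the ACL denies it
    return proxy;
  }

  public static void main(String[] args) throws IOException {
    UserGroupInformation caller = UserGroupInformation.getLoginUser();
    String prefix = "hadoop.proxyuser." + caller.getShortUserName();

    // Constructed ACL: the caller may impersonate only alice, only from localhost.
    Configuration conf = new Configuration();
    conf.set(prefix + ".users", "alice");
    conf.set(prefix + ".hosts", "127.0.0.1");
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

    for (String target : new String[] {"alice", "bob"}) {
      UserGroupInformation u = unchecked(target);
      System.out.println("unchecked " + target + ": accepted, auth="
          + u.getAuthenticationMethod());
      try {
        UserGroupInformation p = checked(target, caller, "127.0.0.1");
        System.out.println("checked   " + target + ": accepted, auth="
            + p.getAuthenticationMethod() + ", real=" + p.getRealUser().getShortUserName());
      } catch (AuthorizationException e) {
        System.out.println("checked   " + target + ": denied (" + e.getMessage() + ")");
      }
    }
  }
}
```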

