hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15162) UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
Date Tue, 09 Jan 2018 15:29:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16318599#comment-16318599

Daryn Sharp commented on HADOOP-15162:

bq. Proxy user credential should be verified if it can impersonate.
_There are no credentials_ with security disabled but a proxy user is verified if the client
reported it's a proxy user – for http rest services via the doAs parameter.

bq. In my usage, I am writing a component for YARN, and end user credential is verified in
http request.
It is verified and you have nothing to do if you use the standard HttpServer and authentication

bq. If code is written as UGI.createRemoteUser(remoteUser), should there be a check to determine
if the current service user can proxy? Some Hadoop PMC told me no because they assumed isSecurityEnabled
== false, there should be no proxy ACL check.
Of course it should be verified and as I keep stressing it is verified.  I think the PMC gave
you bad advice and/or didn't understand the context.

bq. If this type of assumption is applied, then we will have components talking to other components
without honoring proxy user ACL, and leading to part of Hadoop being completely insecure.
This boggles me.  You are arguing: "oh no! my insecure server is completely insecure!"

bq. The server should decide which authentication method to use, setup authentication method
and verify proxy ACL explicitly.
It already does.  What am I missing?  Are you writing your own custom http server and authentication

Let's conclude this discussion.  Specifically, what existing code are you proposing be changed
and how?  Post a patch.

> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>                 Key: HADOOP-15162
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Eric Yang
> {{UserGroupInformation.createRemoteUser(String user)}} is hard coded Authentication method
to SIMPLE by HADOOP-10683.  This by passed proxyuser ACL check, isSecurityEnabled check, and
allow caller to impersonate as anyone.  This method could be abused in the main code base,
which can cause part of Hadoop to become insecure without proxyuser check for both SIMPLE
or Kerberos enabled environment.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message