[ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16317414#comment-16317414 ]
Daryn Sharp commented on HADOOP-15162: -------------------------------------- bq. In summary, proxy user ACL should be checked for simple security instead of reliance on isSecurityEnabled(). As stated earlier, proxy privs are always checked for non-token connections. bq. isSecurityEnabled( gives a false sense that proxy user ACL shouldn't be checked which leading to use of UserGroupInformation.createRemoteUser(remoteUser) in server code, which is a bad practice for not verifying the credential of current server user. It's not bad practice for a server to use createRemoteUser – that's why it exists. What does "verifying the credential of current server user" mean when security is disabled and there are no credentials? > UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE > ------------------------------------------------------------------------------ > > Key: HADOOP-15162 > URL: https://issues.apache.org/jira/browse/HADOOP-15162 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Eric Yang > > {{UserGroupInformation.createRemoteUser(String user)}} is hard coded > Authentication method to SIMPLE by HADOOP-10683. This by passed proxyuser > ACL check, isSecurityEnabled check, and allow caller to impersonate as > anyone. This method could be abused in the main code base, which can cause > part of Hadoop to become insecure without proxyuser check for both SIMPLE or > Kerberos enabled environment. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org