[ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16318599#comment-16318599 ]

Daryn Sharp commented on HADOOP-15162:
--------------------------------------

bq. Proxy user credential should be verified if it can impersonate.

_There are no credentials_ with security disabled but a proxy user is verified
if the client reported it's a proxy user – for http rest services via the doAs
parameter.

bq. In my usage, I am writing a component for YARN, and end user credential is
verified in http request.

It is verified and you have nothing to do if you use the standard HttpServer
and authentication filters.

bq. If code is written as UGI.createRemoteUser(remoteUser), should there be a
check to determine if the current service user can proxy? Some Hadoop PMC told
me no because they assumed isSecurityEnabled == false, there should be no proxy
ACL check.

Of course it should be verified and as I keep stressing it is verified. I
think the PMC gave you bad advice and/or didn't understand the context.

bq. If this type of assumption is applied, then we will have components talking
to other components without honoring proxy user ACL, and leading to part of
Hadoop being completely insecure.

This boggles me. You are arguing: "oh no! my insecure server is completely
insecure!"

bq. The server should decide which authentication method to use, setup
authentication method and verify proxy ACL explicitly.

It already does. What am I missing? Are you writing your own custom http
server and authentication filter?

Let's conclude this discussion. Specifically, what existing code are you
proposing be changed and how? Post a patch.

> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
> Key: HADOOP-15162
> URL: https://issues.apache.org/jira/browse/HADOOP-15162
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} is hard coded
> Authentication method to SIMPLE by HADOOP-10683. This bypassed proxyuser
> ACL check, isSecurityEnabled check, and allows caller to impersonate as
> anyone. This method could be abused in the main code base, which can cause
> part of Hadoop to become insecure without proxyuser check for both SIMPLE or
> Kerberos enabled environment.
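
Added example, not part of the original message and not Hadoop's own code: one way a service that builds UGIs itself could apply the proxy-user ACL to a doAs request, which is the check under discussion. It assumes hadoop-common is on the classpath; the helper names (effectiveUser, attempt), the users svc/alice/mallory/bob, the addresses and the hadoop.proxyuser.svc.* values are constructed for illustration.

```java
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

public class DoAsCheck {

    // Hypothetical helper: map an already-authenticated caller plus an optional
    // doAs value to the identity the request should run as.
    static UserGroupInformation effectiveUser(String authenticatedUser, String doAs,
                                              String remoteAddr) throws AuthorizationException {
        // createRemoteUser() performs no check by itself; it only wraps a name.
        UserGroupInformation real = UserGroupInformation.createRemoteUser(authenticatedUser);
        if (doAs == null || doAs.isEmpty() || doAs.equals(authenticatedUser)) {
            return real; // no impersonation requested
        }
        UserGroupInformation proxy = UserGroupInformation.createProxyUser(doAs, real);
        // Throws AuthorizationException unless the hadoop.proxyuser.* rules allow
        // 'real' to impersonate 'doAs' from this address.
        ProxyUsers.authorize(proxy, remoteAddr);
        return proxy;
    }

    // Hypothetical wrapper that turns the outcome into a printable string.
    static String attempt(String user, String doAs, String addr) {
        try {
            return "allowed as " + effectiveUser(user, doAs, addr).getShortUserName();
        } catch (AuthorizationException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Configuration conf = new Configuration(false);
        // Constructed sample rules: svc may impersonate alice, only from 10.0.0.5.
        conf.set("hadoop.proxyuser.svc.users", "alice");
        conf.set("hadoop.proxyuser.svc.hosts", "10.0.0.5");
        ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

        System.out.println(attempt("svc", null, "10.0.0.5"));      // no doAs
        System.out.println(attempt("svc", "alice", "10.0.0.5"));   // listed user and host
        System.out.println(attempt("svc", "mallory", "10.0.0.5")); // user not listed
        System.out.println(attempt("svc", "alice", "10.0.0.9"));   // host not listed
        System.out.println(attempt("bob", "alice", "10.0.0.5"));   // bob has no proxy rules
    }
}
```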