[
https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16318749#comment-16318749
]
Eric Yang commented on HADOOP-15162:
------------------------------------
[~daryn] {quote}
Are you writing your own custom http server and authentication filter?
{quote}
No. This JIRA serves the purpose of providing information for less experienced
developers to understand that the proxy ACL must be verified to enable perimeter
security. Code written as:
{code}
import org.apache.hadoop.security.UserGroupInformation;

// The service's own login identity (e.g. its Kerberos principal) acts as the real user.
UserGroupInformation proxyUser = UserGroupInformation.getLoginUser();
// The resulting UGI carries remoteUser with proxyUser as its real user, so the proxyuser ACL applies.
UserGroupInformation ugi = UserGroupInformation.createProxyUser(remoteUser, proxyUser);
{code}
without using UGI.createRemoteUser(remoteUser) is equally good. There is no
need for an isSecurityEnabled() check, and there is no need to explicitly call
UGI.createRemoteUser(remoteUser). Users only get to shoot themselves in the
foot if {{hadoop.http.authentication.simple.anonymous.allowed}} is
misconfigured, which allows anyone to impersonate someone else. I would
propose to deprecate the createRemoteUser(remoteUser) API because it creates
confusion on how code should be written.
> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
> Key: HADOOP-15162
> URL: https://issues.apache.org/jira/browse/HADOOP-15162
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} has its
> authentication method hard-coded to SIMPLE by HADOOP-10683. This bypasses the proxyuser
> ACL check and the isSecurityEnabled check, and allows the caller to impersonate
> anyone. This method could be abused in the main code base, which can cause
> part of Hadoop to become insecure without a proxyuser check in both SIMPLE and
> Kerberos-enabled environments.
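To make the difference between the two UGI construction patterns concrete, here is an added Java example; it is not code from this JIRA or from the Hadoop project itself. It relies only on the public Hadoop APIs named on the page ({{UserGroupInformation}} and {{ProxyUsers}}); the class name {{ProxyUserExample}}, the proxyuser ACL values, the remote address {{10.0.0.5}} and the user names {{alice}} and {{hdfs}} are assumptions made for the illustration. It goes slightly beyond the comment by also running the ACL check against a UGI built with {{createRemoteUser}}, to show that there is nothing for the check to enforce in that case.

```java
import java.io.IOException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

/**
 * Added example (not Hadoop project code). Contrasts the two ways an HTTP
 * endpoint might turn an authenticated remote user name into a UGI.
 * The ACL values, remote address and user names below are constructed for
 * illustration only.
 */
public class ProxyUserExample {

    // Pattern the JIRA warns against: createRemoteUser yields a UGI whose
    // authentication method is hard-coded to SIMPLE and that has no real user,
    // so no proxyuser ACL can ever be consulted for it.
    static UserGroupInformation unsafeIdentity(String remoteUser) {
        return UserGroupInformation.createRemoteUser(remoteUser);
    }

    // Pattern the comment recommends: the service's own login identity is the
    // real user, and ProxyUsers.authorize enforces
    // hadoop.proxyuser.<service>.{hosts,users,groups} for that real user.
    static UserGroupInformation proxiedIdentity(String remoteUser, String remoteAddr)
            throws IOException, AuthorizationException {
        UserGroupInformation proxyUser = UserGroupInformation.getLoginUser();
        UserGroupInformation ugi = UserGroupInformation.createProxyUser(remoteUser, proxyUser);
        // Throws AuthorizationException unless the ACL allows proxyUser to
        // impersonate remoteUser from remoteAddr.
        ProxyUsers.authorize(ugi, remoteAddr);
        return ugi;
    }

    public static void main(String[] args) throws Exception {
        Configuration conf = new Configuration();
        String svc = UserGroupInformation.getLoginUser().getShortUserName();
        // Constructed proxyuser ACL: svc may impersonate only "alice", from any host.
        conf.set("hadoop.proxyuser." + svc + ".hosts", "*");
        conf.set("hadoop.proxyuser." + svc + ".users", "alice");
        ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

        // createRemoteUser: SIMPLE auth, no real user. The ACL check has nothing
        // to evaluate, so it returns without complaint even for a superuser name.
        UserGroupInformation bare = unsafeIdentity("hdfs");
        ProxyUsers.authorize(bare, "10.0.0.5");
        System.out.println("createRemoteUser: auth=" + bare.getAuthenticationMethod()
                + " realUser=" + bare.getRealUser() + " (ACL check passed, nothing to check)");

        // createProxyUser + authorize: allowed target user succeeds.
        UserGroupInformation ok = proxiedIdentity("alice", "10.0.0.5");
        System.out.println("createProxyUser: auth=" + ok.getAuthenticationMethod()
                + " realUser=" + ok.getRealUser().getShortUserName());

        // createProxyUser + authorize: target user outside the ACL is rejected.
        try {
            proxiedIdentity("hdfs", "10.0.0.5");
            System.out.println("unexpected: impersonating hdfs was allowed");
        } catch (AuthorizationException e) {
            System.out.println("impersonating hdfs rejected: " + e.getMessage());
        }
    }
}
```

Run it with the Hadoop common jars on the classpath and no site configuration, so the login user is the local OS user and security is SIMPLE; the point is independent of Kerberos, which is exactly why the comment says no isSecurityEnabled() branch is needed. The first block shows why a createRemoteUser UGI slips past perimeter controls: with no real user attached, ProxyUsers.authorize has no impersonation to evaluate. The second and third blocks show that with createProxyUser the same authorize call is what actually decides whether the service may act as the named user.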
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)