[
https://issues.apache.org/jira/browse/HADOOP-15765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620769#comment-16620769
]
Eric Yang commented on HADOOP-15765:
------------------------------------
If the security class is configurable via config file, then config file must be
owned by root or read only by the user who runs the JVM. This prevents runtime
hacking to subvert the security class. In Hadoop, there is very little
security check to ensure the config value is coming from a read only source.
It is best to avoid doing configurable security class loading. I think updates
to the existing hard code list is still preferred solution.
> Can not find login module class for IBM due to hard codes
> ---------------------------------------------------------
>
> Key: HADOOP-15765
> URL: https://issues.apache.org/jira/browse/HADOOP-15765
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 3.0.3
> Reporter: Jianfei Jiang
> Priority: Major
> Attachments: HADOOP-15765_000.patch
>
>
> As the differences between various versions of IBM, the login module class is
> sometimes different. However, the class for specified jdk (no matter the
> version) is hard coded in Hadoop code. We have faced the error like following:
> *javax.security.auth.login.LoginException: unable to find LoginModule class:
> com.ibm.security.auth.module.LinuxLoginModule*
>
> Should we set the value as a config which can be set by users?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
