[jira] [Commented] (HADOOP-8857) hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated

Fri, 25 Jan 2013 09:35:14 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13562858#comment-13562858
 ] 

Hudson commented on HADOOP-8857:
--------------------------------

Integrated in Hadoop-trunk-Commit #3280 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/3280/])
    HADOOP-8857. hadoop.http.authentication.signature.secret.file docs should 
not state that secret is randomly generated. (tucu) (Revision 1438601)

     Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1438601
Files : 
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/HttpAuthentication.apt.vm

                
> hadoop.http.authentication.signature.secret.file docs should not state that 
> secret is randomly generated
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8857
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8857
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Alejandro Abdelnur
>            Priority: Minor
>         Attachments: HADOOP-8857.patch
>
>
> The docs and default.xml state that the secret is randomly generated if the 
> secret.file is not present, this is incorrect as the secret must be shared 
> across all nodes in the cluster as it is used to verify the signature of the 
> hadoop.auth cookie. If randomly generated it would be diff in all nodes.
> ORIGINAL DESCRIPTION:
> AuthenticationFilterInitializer#initFilter fails if the configured 
> {{hadoop.http.authentication.signature.secret.file}} does not exist, eg:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file: 
> /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated 
> with a string) fixes the issue. Per the auth docs "If a secret is not 
> provided a random secret is generated at start up time.", which sounds like 
> it means the file should be generated at startup with a random secrete, which 
> doesn't seem to be the case. Also the instructions in the docs should be more 
> clear in this regard.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to