[
https://issues.apache.org/jira/browse/HADOOP-10880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098734#comment-14098734
]
Alejandro Abdelnur commented on HADOOP-10880:
---------------------------------------------
[~daryn],
I’ve gone the digest approach to see how things would work but I’ve found a few
issues with it which I think make the use of digest a moot thing:
Digest typically assumes a challenge with a nonce from the server, the nonce is
use to create the hash of the common secret. In our case, we would be doing a
proactive digest (we don’t want 2 HTTP calls on every HTTP call using a DT),
this means we don’t have a nonce from the server. We could get the server side
to use proactively the AuthenticationInfo to provide a nonce in advance, that
that would break pipelined requests. We could get the client to issue a nonce
and the server honor it, but that would not work without using our client and
server that understand that (curl would break).
Even if we sort it out, we have another problem, the DT is an opaque string
blob to the client. The DT includes the token identifier and the password, we
would have to use the token identifier as the 'user' and the password as the
'password' in creating the Disgest 'user:digest(password)' client header. A
curl client would not have a way to break down the DT opaque string into
identifier and password.
Another point, when getting, renewing or canceling a DT, we send the full DT
opaque string. So using a digest for does not prevent for an attacker to get
the full DT.
Given all this, my take is, the current patch that moves the DTs from URL to
headers and just use HTTPS.
Thoughts? Am I missing something?
> Move HTTP delegation tokens out of URL querystring to a header
> --------------------------------------------------------------
>
> Key: HADOOP-10880
> URL: https://issues.apache.org/jira/browse/HADOOP-10880
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Blocker
> Attachments: HADOOP-10880.patch, HADOOP-10880.patch,
> HADOOP-10880.patch
>
>
> Following up on a discussion in HADOOP-10799.
> Because URLs are often logged, delegation tokens may end up in LOG files
> while they are still valid.
> We should move the tokens to a header.
> We should still support tokens in the querystring for backwards compatibility.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
