[jira] [Commented] (HADOOP-10911) hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109

Sat, 30 Aug 2014 04:45:38 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14116342#comment-14116342
 ] 

Hudson commented on HADOOP-10911:
---------------------------------

FAILURE: Integrated in Hadoop-Yarn-trunk #664 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/664/])
HADOOP-10911. hadoop.auth cookie after HADOOP-10710 still not proper according 
to RFC2109. (gchanan via tucu) (tucu: rev 
156e6a4f8aed69febec408af423b2a8ac313c643)
* 
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
* 
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* hadoop-project/pom.xml
* hadoop-common-project/hadoop-common/CHANGES.txt
* 
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* hadoop-common-project/hadoop-auth/pom.xml


> hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10911
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Gregory Chanan
>             Fix For: 2.6.0
>
>         Attachments: HADOOP-10911-tests.patch, HADOOP-10911.patch, 
> HADOOP-10911v2.patch, HADOOP-10911v3.patch
>
>
> I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is 
> unable to authenticate with servers running the authentication filter), even 
> with HADOOP-10710 applied.
> From my reading of the spec, the problem is as follows:
> Expires is not a valid directive according to the RFC, though it is mentioned 
> for backwards compatibility with netscape draft spec.  When httpclient sees 
> "Expires", it parses according to the netscape draft spec, but note from 
> RFC2109:
> {code}
> Note that the Expires date format contains embedded spaces, and that "old" 
> cookies did not have quotes around values. 
> {code}
> and note that AuthenticationFilter puts quotes around the value:
> https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439
> So httpclient's parsing appears to be kosher.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to