[jira] [Commented] (HADOOP-10670) Allow AuthenticationFilter to respect signature secret file even without AuthenticationFilterInitializer

Tue, 24 Mar 2015 15:34:55 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378803#comment-14378803
 ] 

Haohui Mai commented on HADOOP-10670:
-------------------------------------

The approach looks good.

{code}
+      // The precedence from high to low : file, inline string, random
+      if (signatureSecretFile != null) {
+        providerClassName = FileSignerSecretProvider.class.getName();
{code}

I think the way the code works is a side effect on HADOOP-10868. We do not 
support inlining the secret in the configuration. Anyone can read the 
configuration can forge the authentication cookie. This is a security 
vulnerability since the Hadoop configuration is readable by both servers and 
clients. We have similar issues in NFS / LDAP and we store the secret / 
credentials in a separate file and guard them by setting the permissions 
properly.

We should remove {{StringSecretProvider}} once we have {{FileSecretProvider}}. 
[~rkanter], can you comment on this?

I think the patch also needs to remove the duplicated code 
{{RMAuthenticationFilterInitializer}} as well.

> Allow AuthenticationFilter to respect signature secret file even without 
> AuthenticationFilterInitializer
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10670
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10670
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>            Priority: Minor
>         Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch, 
> hadoop-10670-v2.patch, hadoop-10670-v3.patch, hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed 
> to configure AuthenticationFilter for the required signature secret by 
> specifying signature.secret.file property. This improvement would also allow 
> this when AuthenticationFilterInitializer isn't used in situations like 
> webhdfs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to