[
https://issues.apache.org/jira/browse/HADOOP-12050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602158#comment-14602158
]
Benoy Antony commented on HADOOP-12050:
---------------------------------------
Thanks for working on this, [~hzlu] . A few comments on the patch.
1. Please add test cases to test the following scenarios
a. Both expiry period and InActiveInterval are not reached.
b. Expiry period is reached, InActiveInterval is not reached
c. Expiry period is not reached, InActiveInterval is reached
d. Both expiry period and InActiveInterval are reached.
2. Update the http auth documentation with enhancements introduced in
HADOOP-12049 and HADOOP-12050.
3. A nit: change maxInactive to maxInActive (camel case).
> Enable MaxInactiveInterval for hadoop http auth token
> -----------------------------------------------------
>
> Key: HADOOP-12050
> URL: https://issues.apache.org/jira/browse/HADOOP-12050
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Benoy Antony
> Assignee: hzlu
> Fix For: 3.0.0
>
> Attachments: HADOOP-12050.002.patch
>
>
> During http authentication, a cookie which contains the authentication token
> is dropped. The expiry time of the authentication token can be configured via
> hadoop.http.authentication.token.validity. The default value is 10 hours.
> For clusters which require enhanced security, it is desirable to have a
> configurable MaxInActiveInterval for the authentication token. If there is no
> activity during MaxInActiveInterval, the authentication token will be
> invalidated.
> The MaxInActiveInterval will be less than
> hadoop.http.authentication.token.validity. The default value will be 30
> minutes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
