[jira] [Commented] (GIRAPH-212) Security is busted since GIRAPH-168

[Eugene Koontz (JIRA)]

    [ 
https://issues.apache.org/jira/browse/GIRAPH-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13434539#comment-13434539
 ] 

Eugene Koontz commented on GIRAPH-212:
--------------------------------------

Currently, we have (since GIRAPH-186):

||profile||HADOOP_NON_SECURE||HADOOP_NON_SASL||HADOOP_NON_INTERVERSIONED_RPC||
|hadoop_non_secure|x|x|x|
|hadoop_facebook  |x|x| |
|hadoop_0.20.203  | |x|x|
|hadoop_0.23      | | | |
|hadoop_2.0.0     | | | |
|hadoop_trunk     | | | |


this patch changes the above to:
||profile||HADOOP_NON_SECURE||HADOOP_NON_INTERVERSIONED_RPC||HADOOP_NON_JOBCONTEXT_IS_INTERFACE||HADOOP_1_AUTHORIZE||
|hadoop_non_secure| |x|x|x|
|hadoop_facebook  |x|x| | |
|hadoop_0.23      | | | | |
|hadoop_2.0.0     | | | | |
|hadoop_trunk     | | | | |


Notice that the HADOOP_NON_SASL Munge flag is gone - it made an incorrect 
distinction between earlier and later Hadoop versions, which causes the bug 
described by this JIRA. It is replaced with the correct distinction using the 
Munge flags: HADOOP_NON_JOBCONTEXT_IS_INTERFACE and HADOOP_1_AUTHORIZE. 

Although this seems like a change to make things more complicated by increasing 
the number of Munge flags, it makes the correct distinction between Hadoop 
versions. Newer Hadoops (post-1.0) remain unaffected by Munge, as they should 
be.
                
> Security is busted since GIRAPH-168
> -----------------------------------
>
>                 Key: GIRAPH-212
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-212
>             Project: Giraph
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.2.0
>            Reporter: Jakob Homan
>            Assignee: Eugene Koontz
>            Priority: Critical
>             Fix For: 0.2.0
>
>         Attachments: core-site.xml, GIRAPH-212.patch, GIRAPH-212.patch, 
> hdfs-site.xml, mapred-site.xml
>
>
> As reported on the mailing list and verified here on our clusters, 
> something's gone screwy with Giraph jobs on secure hadoop.  I reverted back 
> before GIRAPH-168 and this goes away, although I've not found out what it is 
> yet (and may not be 168).  
> RPC clients are trying to open connections with the wrong configuration 
> relative to the servers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira