[
https://issues.apache.org/jira/browse/OOZIE-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13816960#comment-13816960
]
Robert Kanter commented on OOZIE-1491:
--------------------------------------
I've mostly finished the patch for this. I may decide to make a separate JIRA
to do the unit tests because that might be a lot of work to do properly (we'll
have to use the MiniKDC from Hadoop); though I have tested it manually.
The only remaining issue is that the znodes created for the locks always have
open ACLs. With help from Jordan Zimmerman on the on the Curator-User list,
I'm fairly certain the problem is due to CURATOR-58, which I'll see if I can
fix. Even if I fix that, we won't have it until the next Curator release, so
until then, there will be a small security hole here where a malicious user
could acquire a lock to prevent Oozie from processing that job.
> Make sure HA works with a secure ZooKeeper
> ------------------------------------------
>
> Key: OOZIE-1491
> URL: https://issues.apache.org/jira/browse/OOZIE-1491
> Project: Oozie
> Issue Type: Improvement
> Components: HA
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
>
> We need to make sure that HA works with a secure ZooKeeper. This includes
> the SASL ACL setting that will prevent someone else from deleting the oozie
> znodes.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
