[ https://issues.apache.org/jira/browse/PHOENIX-4533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16343764#comment-16343764 ]

Josh Elser commented on PHOENIX-4533:
-------------------------------------

Thanks, Lev! This is exactly the kind of testing I was hoping to see. Just to 
be super-sure, you could still send new queries to PQS and query the system 
after the re-login? (at 2018-01-26 11:58:58,399)

Can you at least modify {{phoenix-queryserver/src/it/java/org/apache/phoenix/end2end/SecureQueryServerIT.java}} and {{phoenix-queryserver/src/it/java/org/apache/phoenix/end2end/HttpParamImpersonationQueryServerIT.java}} to use the new approach (two keytabs), [~lbronshtein]? I can't think of any kind of non-contrived, net-new test. After this change, I could see us recommending this as the standard set-up for PQS on Kerberized systems.

Otherwise, we'll need to make sure the website gets updated with these changes 
(code is hosted in a separate repo -- I can give you instructions on how to 
update that, or just push them myself if you'd prefer). 

> Phoenix Query Server should not use SPNEGO principal to proxy user requests
> ---------------------------------------------------------------------------
>
>                 Key: PHOENIX-4533
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4533
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Lev Bronshtein
>            Assignee: Lev Bronshtein
>            Priority: Minor
>         Attachments: PHOENIX-4533.1.patch
>
>
> Currently the HTTP/ principal is used by various components in the HADOOP 
> ecosystem to perform SPNEGO authentication.  Since there can only be one 
> HTTP/ per host, even outside of the Hadoop ecosystem, the keytab containing 
> key material for local HTTP/ principal is shared among a few applications.  
> With so many applications having access to the HTTP/ credentials, this 
> increases the chances of an attack on the proxy user capabilities of Hadoop.  
> This JIRA proposes that two different keytabs can be used to
> 1. Authenticate kerberized web requests
> 2. Communicate with the phoenix back end



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
