[ https://issues.apache.org/jira/browse/HDFS-9525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15053170#comment-15053170 ]
Daryn Sharp commented on HDFS-9525: ----------------------------------- [~aw] [~heesoo] -1. Revert everything (I have a knack for screwing up git or I would do it) except the multiple token file support which is what this jira purported to do. Never make fundamental security changes under an innocent sounding title. # You _cannot_ get a token with a token. That effectively killed security. What's the purpose of having an expiration if I can steal a token and use it to get new tokens forever? # When you see a test explicitly stating that you can't use a token to get a token, you don't delete it. # When you see a test called {{testPrivateTokenExclusion}}, that deals with 3 tokens, with the comment "// Ensure only non-private tokens are returned", you don't change the assert from 1 to 3. # In general, when you touch something security related and tests break - best case is unacceptable incompatibility. Worst case, this. I'm sorry for my tone. Tremendous effort was spent to stabilize webhdfs for production usage. Ignoring the security implications, handling of token acquisition, spnego contexts, and renewal was a terrible problem. If I've misinterpreted the patch, please correct me. > hadoop utilities need to support provided delegation tokens > ----------------------------------------------------------- > > Key: HDFS-9525 > URL: https://issues.apache.org/jira/browse/HDFS-9525 > Project: Hadoop HDFS > Issue Type: New Feature > Components: security > Affects Versions: 3.0.0 > Reporter: Allen Wittenauer > Assignee: HeeSoo Kim > Priority: Blocker > Fix For: 3.0.0 > > Attachments: HDFS-7984.001.patch, HDFS-7984.002.patch, > HDFS-7984.003.patch, HDFS-7984.004.patch, HDFS-7984.005.patch, > HDFS-7984.006.patch, HDFS-7984.007.patch, HDFS-7984.patch > > > When using the webhdfs:// filesystem (especially from distcp), we need the > ability to inject a delegation token rather than webhdfs initialize its own. > This would allow for cross-authentication-zone file system accesses. -- This message was sent by Atlassian JIRA (v6.3.4#6332)