[
https://issues.apache.org/jira/browse/HDFS-4568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596391#comment-13596391
]
Alejandro Abdelnur commented on HDFS-4568:
------------------------------------------
This should be done also for HttpFS, in the {{HttpFSKerberosAuthenticator}}
class, the enum definition {{ CANCELDELEGATIONTOKEN(HTTP_PUT, false);}} it
should be changed to {{true}}.
> NN should require authenticated connections to cancel tokens
> ------------------------------------------------------------
>
> Key: HDFS-4568
> URL: https://issues.apache.org/jira/browse/HDFS-4568
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode, security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
>
> The NN requires get/renew token operations to be securely authenticated - ie.
> you can't use a token to get/renew a token. However, token cancelation is
> allowed with a token, including using a token to cancel itself. Cancelation
> should perform the same authentication checks as get/renew.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
