[jira] [Created] (SPARK-8129) Securely pass auth secret to executors in standalone cluster mode

[Kan Zhang (JIRA)]

Kan Zhang created SPARK-8129:
--------------------------------

             Summary: Securely pass auth secret to executors in standalone 
cluster mode
                 Key: SPARK-8129
                 URL: https://issues.apache.org/jira/browse/SPARK-8129
             Project: Spark
          Issue Type: New Feature
          Components: Deploy, Spark Core
            Reporter: Kan Zhang
            Priority: Critical


Currently, when authentication is turned on, Worker passes auth secret to 
executors (also drivers in cluster mode) as java options on the command line, 
which isn't secure. The passed secret can be seen by anyone running 'ps' 
command, e.g.,

```
ps -ef

......

  501 94787 94734   0  2:32PM ??         0:00.78 
/Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home/jre/bin/java 
-cp 
/Users/kan/github/spark/sbin/../conf/:/Users/kan/github/spark/assembly/target/scala-2.10/spark-assembly-1.4.0-SNAPSHOT-hadoop2.3.0.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-api-jdo-3.2.6.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-core-3.2.10.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-rdbms-3.2.9.jar
 -Xms512M -Xmx512M 
-*Dspark.authenticate.secret=090A030E0F0A05010900000A0C0E0C0B03050D05* 
-Dspark.driver.port=49625 -Dspark.authenticate=true -XX:MaxPermSize=128m 
org.apache.spark.executor.CoarseGrainedExecutorBackend --driver-url 
akka.tcp://sparkDriver@192.168.1.152:49625/user/CoarseGrainedScheduler 
--executor-id 0 --hostname 192.168.1.152 --cores 8 --app-id 
app-20150605143259-0000 --worker-url 
akka.tcp://sparkWorker@192.168.1.152:49623/user/Worker
``` 




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org