[
https://issues.apache.org/jira/browse/MAPREDUCE-3943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13412005#comment-13412005
]
Vinod Kumar Vavilapalli commented on MAPREDUCE-3943:
----------------------------------------------------
Thanks for the reviews, Sid and Daryn. Thanks for the patch update, Sid.
bq. Passing the shared secret keys in "plaintext" in heartbeats is a bit
troubling in general.
Note that NM->RM communication channel is kerberos authenticated, so yeah it is
still plain-text but on an authenticated channel.
bq. More concerning is the direction of the data flow: RM generates secret and
gives it to the NMs. A rogue or compromised NM can intercept a key which I
believe can be used to generate tokens for other NMs.
bq. Moving to per node secrets - I believe that can be achieved via the RM as
well, instead of having NMs generate the secret, the RM can generate secrets
for each NM. The pb message doesn't change in this case.
It seems like it is good to move to per-node secrets. But let's track it
separately.
> RM-NM secret-keys should be randomly generated and rolled every so often
> ------------------------------------------------------------------------
>
> Key: MAPREDUCE-3943
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3943
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Attachments: MAPREDUCE-3943-20120416.txt, MR3943.txt, MR3943.txt
>
>
> - RM should generate the master-key randomly
> - The master-key should roll every so often
> - NM should remember old expired keys so that already doled out
> container-requests can be satisfied.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
