Christopher Tubbs created ACCUMULO-1165:
-------------------------------------------
Summary: Use a unique SystemToken (credentials) for each server
instance (TServer, etc.)
Key: ACCUMULO-1165
URL: https://issues.apache.org/jira/browse/ACCUMULO-1165
Project: Accumulo
Issue Type: Improvement
Components: tserver
Reporter: Christopher Tubbs
Assignee: Christopher Tubbs
Each component should use unique system credentials, and those credentials
should only be valid while a tablet server (or other component) holds a lock in
zookeeper.
This behavior more accurately reflects the security model for system
components, and may be able to help reduce or eliminate the possibility of
multiple-assignment. It could also help prevent problems of other "half-dead"
components that have lost their lock (such as a master), by adding an
authentication check for the master in the tablet servers.
It's important to realize that this ticket doesn't necessarily improve security
(any component with access to the configuration secret can fake it the lock
ID), but it does provide additional sanity checks by authenticating individual
system components, and improves the handling of failure conditions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
