[
https://issues.apache.org/jira/browse/ACCUMULO-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christopher Tubbs updated ACCUMULO-1165:
----------------------------------------
Assignee: (was: Christopher Tubbs)
> Use a unique SystemToken (credentials) for each server instance (TServer,
> etc.)
> -------------------------------------------------------------------------------
>
> Key: ACCUMULO-1165
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1165
> Project: Accumulo
> Issue Type: Improvement
> Components: tserver
> Reporter: Christopher Tubbs
>
> Each component should use unique system credentials, and those credentials
> should only be valid while a tablet server (or other component) holds a lock
> in zookeeper.
> This behavior more accurately reflects the security model for system
> components, and may be able to help reduce or eliminate the possibility of
> multiple-assignment. It could also help prevent problems of other "half-dead"
> components that have lost their lock (such as a master), by adding an
> authentication check for the master in the tablet servers.
> It's important to realize that this ticket doesn't necessarily improve
> security (any component with access to the configuration secret can fake it
> the lock ID), but it does provide additional sanity checks by authenticating
> individual system components, and improves the handling of failure conditions.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
