[ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Yang resolved HADOOP-15162. -------------------------------- Resolution: Not A Problem Close this as not a problem. Bad assumption for SIMPLE security mode doesn't check for proxy ACL. I verified that SIMPLE security mode also checks for proxy ACL. UGI.createRemoteUser(remoteUser) has no effect to proxy ACL check. Thanks to [~jlowe] and [~daryn] for advices and recommendations. > UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE > ------------------------------------------------------------------------------ > > Key: HADOOP-15162 > URL: https://issues.apache.org/jira/browse/HADOOP-15162 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Eric Yang > > {{UserGroupInformation.createRemoteUser(String user)}} is hard coded > Authentication method to SIMPLE by HADOOP-10683. This by passed proxyuser > ACL check, isSecurityEnabled check, and allow caller to impersonate as > anyone. This method could be abused in the main code base, which can cause > part of Hadoop to become insecure without proxyuser check for both SIMPLE or > Kerberos enabled environment. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org