Alejandro Abdelnur created HADOOP-10791:
-------------------------------------------
Summary: AuthenticationFilter should support externalizing the
secret for signing and provide rotation support
Key: HADOOP-10791
URL: https://issues.apache.org/jira/browse/HADOOP-10791
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
It should be possible to externalize the secret used to sign the hadoop-auth
cookies.
In the case of WebHDFS the shared secret used by NN and DNs could be used. In
the case of Oozie HA, the secret could be stored in Oozie HA control data in
ZooKeeper.
In addition, it is desirable for the secret to change periodically, this means
that the AuthenticationService should remember a previous secret for the max
duration of hadoop-auth cookie.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
