Details
-
Improvement
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
2.6.0
-
None
-
None
Description
The AuthenticationFilter uses the secret read from a file specified via hadoop.http.authentication.signature.secret.file to sign the cookie containing user authentication information.
The secret is read only during initialization and hence needs a restart to update the secret.
ZKSignerSecretProvider can be used to rotate the secrets without restarting the servers, but it needs a zookeeper setup.
The jira is to refresh secret by updating the file.
Attachments
Attachments
Issue Links
- is related to
-
HADOOP-10791 AuthenticationFilter should support externalizing the secret for signing and provide rotation support
- Closed
-
HADOOP-10670 Allow AuthenticationFilters to load secret from signature secret files
- Closed