[HADOOP-10565] Support IP ranges (CIDR) in proxyuser.hosts - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.0
Component/s: security
Labels:
None

Target Version/s:

2.5.0
Hadoop Flags:

Reviewed

Description

In some use cases, there will be many hosts from which the user can impersonate.
This requires specifying many ips in the XML configuration.
It is cumbersome to specify and maintain long list of ips in proxyuser.hosts
The problem can be solved if we enable proxyuser.hosts to accept ip ranges in CIDR format.

In addition, the current ip authorization involve a liner scan of the ips and an attempt to do InetAddress.getByName() for each ip/host.

It may be beneficial to group this functionality of ip authorization by looking up "ip addresses/host names/ip-ranges" into a separate class. This could be reused in other usecases which require similar functionality

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10565.06.patch
27/Jun/14 07:37
27 kB
Arpit Agarwal
HADOOP-10565.patch
26/Jun/14 16:04
27 kB
Benoy Antony
HADOOP-10565.patch
26/Jun/14 07:30
27 kB
Benoy Antony
HADOOP-10565.patch
25/Jun/14 17:20
28 kB
Benoy Antony
HADOOP-10565.patch
01/Jun/14 01:50
28 kB
Benoy Antony
HADOOP-10565.patch
02/May/14 06:26
28 kB
Benoy Antony

Issue Links

is required by

HADOOP-10651 Add ability to restrict service access using IP addresses and hostnames

Closed

relates to

HADOOP-10335 An ip whitelist based implementation to resolve Sasl properties per connection

Closed

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 02/May/14 06:13

Updated:: 03/Sep/14 20:36

Resolved:: 27/Jun/14 08:37