Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11567

Refresh HTTP Authentication secret without restarting the server

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.6.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      The AuthenticationFilter uses the secret read from a file specified via hadoop.http.authentication.signature.secret.file to sign the cookie containing user authentication information.
      The secret is read only during initialization and hence needs a restart to update the secret.

      ZKSignerSecretProvider can be used to rotate the secrets without restarting the servers, but it needs a zookeeper setup.
      The jira is to refresh secret by updating the file.

        Attachments

        1. HADOOP-11567-003.patch
          31 kB
          Benoy Antony
        2. HADOOP-11567-002.patch
          31 kB
          Benoy Antony
        3. HADOOP-11567-001.patch
          24 kB
          Benoy Antony

          Issue Links

            Activity

              People

              • Assignee:
                benoyantony Benoy Antony
                Reporter:
                benoyantony Benoy Antony
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: