[HADOOP-11748] The secrets of auth cookies should not be specified in configuration in clear text - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

Based on the discussion on ~~HADOOP-10670~~, this jira proposes to remove StringSecretProvider as it opens up possibilities for misconfiguration and security vulnerabilities.

My understanding is that the use case of inlining the secret is never supported. The property is used to pass the secret internally. The way it works before ~~HADOOP-10868~~ is the following:

Users specify the initializer of the authentication filter in the configuration.

AuthenticationFilterInitializer reads the secret file. The server will not start if the secret file does not exists. The initializer will set the property if it read the file correctly.
*There is no way to specify the secret in the configuration out-of-the-box – the secret is always overwritten by AuthenticationFilterInitializer.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11748-032615-poc.patch
26/Mar/15 23:03
17 kB
Li Lu
HADOOP-11748.001.patch
26/Mar/15 23:30
31 kB
Haohui Mai

Issue Links

breaks

HADOOP-12902 JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter

Closed

OOZIE-2300 TestAuthFilterAuthOozieClient.testClientAuthTokenCache fails with Hadoop 2.7.0 and later

Closed

is broken by

HADOOP-10868 Create a ZooKeeper-backed secret provider

Closed

relates to

HADOOP-10670 Allow AuthenticationFilters to load secret from signature secret files

Closed

Activity

People

Assignee:: Li Lu

Reporter:: Haohui Mai

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 25/Mar/15 18:24

Updated:: 31/Mar/16 07:08

Resolved:: 27/Mar/15 00:36