Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12050

Enable MaxInactiveInterval for hadoop http auth token

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.7.1
    • 2.8.0, 3.0.0-alpha1
    • security
    • None

    Description

      During http authentication, a cookie which contains the authentication token is dropped. The expiry time of the authentication token can be configured via hadoop.http.authentication.token.validity. The default value is 10 hours.

      For clusters which require enhanced security, it is desirable to have a configurable MaxInActiveInterval for the authentication token. If there is no activity during MaxInActiveInterval, the authentication token will be invalidated.

      The MaxInActiveInterval will be less than hadoop.http.authentication.token.validity. The default value will be 30 minutes.

      Attachments

        1. HADOOP-12050.003.patch
          15 kB
          Huizhi Lu
        2. HADOOP-12050.004.patch
          24 kB
          Huizhi Lu

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-12587 Hadoop AuthToken refuses to work without a maxinactive attribute in issued token

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              hzlu Huizhi Lu
              benoyantony Benoy Antony
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: