Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13316

Enforce Kerberos authentication for required ops in DelegationTokenAuthenticator

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 2.6.0
    • 2.8.0, 3.0.0-alpha1
    • kms, security
    • None

    Description

      Delegation tokens are supposed to be exchanged in a secure authentication, for security concerns.
      For example, HDFS only distribute or renew a delegation token under kerberos authentication

      DelegationTokenAuthenticationHandler used by KMS + HTTPFS doesn't follow this now, and poses security concerns. Details in comments.

      Attachments

        1. HADOOP-13316.01.patch
          8 kB
          Xiao Chen

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            xiaochen Xiao Chen
            xiaochen Xiao Chen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment