[HADOOP-13316] Enforce Kerberos authentication for required ops in DelegationTokenAuthenticator - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.8.0, 3.0.0-alpha1
Component/s: kms, security
Labels:
None

Target Version/s:

2.8.0

Description

Delegation tokens are supposed to be exchanged in a secure authentication, for security concerns.
For example, HDFS only distribute or renew a delegation token under kerberos authentication

DelegationTokenAuthenticationHandler used by KMS + HTTPFS doesn't follow this now, and poses security concerns. Details in comments.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-13316.01.patch
24/Jun/16 03:56
8 kB
Xiao Chen

Activity

People

Assignee:: Xiao Chen

Reporter:: Xiao Chen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Jun/16 03:26

Updated:: 30/Aug/16 01:13

Resolved:: 28/Jun/16 01:47