Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16095 Support impersonation for AuthenticationFilter
  3. HADOOP-16366

Fix TimelineReaderServer ignores ProxyUserAuthenticationFilterInitializer

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.0
    • Fix Version/s: 3.3.0
    • Component/s: security
    • Labels:
      None

      Description

      YARNUIV2 fails with "Request is a replay attack" when below settings configured.

      hadoop.security.authentication = kerberos
      hadoop.http.authentication.type = kerberos
      hadoop.http.filter.initializers = org.apache.hadoop.security.AuthenticationFilterInitializer
      yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled = false

       AuthenticationFilter is added twice by the Yarn UI2 Context causing the issue.

      2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter
      2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter
      

       

      Another issue with TimelineReaderServer which ignores ProxyUserAuthenticationFilterInitializer when hadoop.http.filter.initializers is configured.

        Attachments

        1. HADOOP-16366-001.patch
          5 kB
          Prabhu Joseph
        2. HADOOP-16366-002.patch
          3 kB
          Prabhu Joseph
        3. HADOOP-16366-003.patch
          2 kB
          Prabhu Joseph

          Activity

            People

            • Assignee:
              prabhujoseph Prabhu Joseph
              Reporter:
              prabhujoseph Prabhu Joseph
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: