[HADOOP-7621] alfredo config should be in a file not readable by users - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.20.205.0, 0.23.0, 0.24.0
Fix Version/s: 1.1.0, 0.22.1, 0.23.3
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

[thxs ATM for point this one out]

Alfredo configuration currently is stored in the core-site.xml file, this file is readable by users (it must be as Configuration defaults must be loaded).

One of Alfredo config values is a secret which is used by all nodes to sign/verify the authentication cookie.

A user could get hold of this secret and forge authentication cookies for other users.

Because of this the Alfredo configuration, should be move to a user non-readable file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-7621.patch
13/Sep/11 20:44
10 kB
Alejandro Abdelnur
HADOOP-7621.patch
19/Sep/11 15:37
7 kB
Alejandro Abdelnur
HADOOP-7621.patch
20/Sep/11 00:55
7 kB
Alejandro Abdelnur
HADOOP-7621-branch-0.20-security.patch
21/Sep/11 19:04
5 kB
Aaron Myers
HADOOP-7621-branch-0.20-security.patch
21/Sep/11 20:03
5 kB
Aaron Myers
hadoop-7621-022.patch
10/May/12 00:51
3 kB
Benoy Antony

Issue Links

is depended upon by

HADOOP-8357 Restore security in Hadoop 0.22 branch

Resolved

relates to

HADOOP-8043 KerberosAuthenticationFilter and friends have some problems

Resolved

requires

HADOOP-7119 add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles

Closed

Activity

People

Assignee:: Aaron Myers

Reporter:: Alejandro Abdelnur

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 10/Sep/11 01:02

Updated:: 16/Mar/15 19:25

Resolved:: 21/Sep/11 20:04