[
https://issues.apache.org/jira/browse/HADOOP-13316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-13316:
-------------------------------
Description:
Delegation tokens are supposed to be exchanged in a secure authentication, for
security concerns.
For example, HDFS [only distribute or renew a delegation token under kerberos
authentication|https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L5164]
{{DelegationTokenAuthenticationHandler}} used by KMS + HTTPFS doesn't follow
this now, and poses security concerns. Details in comments.
> Delegation Tokens should not be renewed or retrived using delegation token
> authentication
> -----------------------------------------------------------------------------------------
>
> Key: HADOOP-13316
> URL: https://issues.apache.org/jira/browse/HADOOP-13316
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms, security
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Priority: Blocker
>
> Delegation tokens are supposed to be exchanged in a secure authentication,
> for security concerns.
> For example, HDFS [only distribute or renew a delegation token under kerberos
> authentication|https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L5164]
> {{DelegationTokenAuthenticationHandler}} used by KMS + HTTPFS doesn't follow
> this now, and poses security concerns. Details in comments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
