[
https://issues.apache.org/jira/browse/HADOOP-13316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-13316:
-------------------------------
Attachment: HADOOP-13316.01.patch
Patch 1 to fix this, with test cases that fail-before, pass-after.
Manually verified #3 fails in the above scenario with this change..
> Delegation Tokens should not be renewed or retrived using delegation token
> authentication
> -----------------------------------------------------------------------------------------
>
> Key: HADOOP-13316
> URL: https://issues.apache.org/jira/browse/HADOOP-13316
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms, security
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Priority: Blocker
> Attachments: HADOOP-13316.01.patch
>
>
> Delegation tokens are supposed to be exchanged in a secure authentication,
> for security concerns.
> For example, HDFS [only distribute or renew a delegation token under kerberos
> authentication|https://github.com/apache/hadoop/blob/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L5164]
> {{DelegationTokenAuthenticationHandler}} used by KMS + HTTPFS doesn't follow
> this now, and poses security concerns. Details in comments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
