[ https://issues.apache.org/jira/browse/HADOOP-7621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-7621:
---------------------------------------
    Attachment: HADOOP-7621.patch

Based on feedback, second patch uses the default config files for all properties and for the secret now there is a property pointing to a file from where the secret will be loaded instead of being inline. This is identical to how keytabs are handled. And it is the responsibility of the deployer to make sure those files are available and have the right permissions.

The patch is also setting and creating the test.build.dir and test.build.data directories.

> alfredo config should be in a file not readable by users
> --------------------------------------------------------
>
>                 Key: HADOOP-7621
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7621
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.20.205.0, 0.23.0, 0.24.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>            Priority: Critical
>             Fix For: 0.20.205.0, 0.23.0, 0.24.0
>
>         Attachments: HADOOP-7621.patch, HADOOP-7621.patch
>
>
> [thanks ATM for pointing this one out]
> Alfredo configuration currently is stored in the core-site.xml file; this
> file is readable by users (it must be, as Configuration defaults must be
> loaded).
> One of the Alfredo config values is a secret which is used by all nodes to
> sign/verify the authentication cookie.
> A user could get hold of this secret and forge authentication cookies for
> other users.
> Because of this, the Alfredo configuration should be moved to a user
> non-readable file.
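
The approach described in this message (the signing secret loaded from a separate file whose permissions the deployer controls) can also be enforced at load time, as in the sketch below. This is an added example, not code from the HADOOP-7621 patch; the file name, the `&s=` token layout, the sample secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def load_secret(path):
    """Read the signing secret, refusing any file that group/other can access."""
    fd = os.open(path, os.O_RDONLY)
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path, to avoid a race
        if not stat.S_ISREG(st.st_mode) or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: must be a regular file with no group/other access")
        secret = os.read(fd, 4096).strip()
    finally:
        os.close(fd)
    if not secret:
        raise ValueError(f"{path}: empty secret")
    return secret

def _tag(secret, value):
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()

def sign(secret, value):
    """Append an HMAC-SHA256 tag (illustrative layout, not Alfredo's cookie format)."""
    return f"{value}&s={_tag(secret, value)}"

def verify(secret, token):
    """Return the signed value, or None when the tag does not match."""
    value, sep, tag = token.rpartition("&s=")
    if sep and hmac.compare_digest(tag.encode(), _tag(secret, value).encode()):
        return value
    return None

def demo():
    """Constructed sample: the same secret file at mode 0600, then 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "signature.secret")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed-sample-secret\n")
        os.chmod(path, 0o600)
        secret = load_secret(path)
        token = sign(secret, "u=alice")
        results = [verify(secret, token), verify(b"not-the-secret", token)]
        os.chmod(path, 0o644)  # now readable by other users, like core-site.xml
        try:
            load_secret(path)
        except PermissionError as e:
            results.append(str(e))
        return results
```

`demo()` returns the verified value, `None` for a verifier holding a different secret, and the refusal message raised once the file becomes readable by other users.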