[
https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466087#comment-13466087
]
Owen O'Malley commented on HADOOP-8857:
---------------------------------------
Actually, we need to:
* remove the default value from core-default.xml
* if the value isn't defined, let the lower layer generate random bytes
Saving the random bytes lowers the security of the system.
> hadoop.http.authentication.signature.secret.file should be created if the
> configured file does not exist
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-8857
> URL: https://issues.apache.org/jira/browse/HADOOP-8857
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Eli Collins
> Priority: Minor
>
> AuthenticationFilterInitializer#initFilter fails if the configured
> {{hadoop.http.authentication.signature.secret.file}} does not exist, eg:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file:
> /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated
> with a string) fixes the issue. Per the auth docs "If a secret is not
> provided a random secret is generated at start up time.", which sounds like
> it means the file should be generated at startup with a random secrete, which
> doesn't seem to be the case. Also the instructions in the docs should be more
> clear in this regard.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
