[ https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alejandro Abdelnur updated HADOOP-8857:
---------------------------------------

    Description: 
The docs and default.xml state that the secret is randomly generated if the 
secret.file is not present; this is incorrect, as the secret must be shared 
across all nodes in the cluster as it is used to verify the signature of the 
hadoop.auth cookie. If randomly generated, it would be different in all nodes.



ORIGINAL DESCRIPTION:

AuthenticationFilterInitializer#initFilter fails if the configured 
{{hadoop.http.authentication.signature.secret.file}} does not exist, e.g.:

{noformat}
java.lang.RuntimeException: Could not read HTTP signature secret file: 
/var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
{noformat}

Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with 
a string) fixes the issue. Per the auth docs "If a secret is not provided a 
random secret is generated at start up time.", which sounds like it means the 
file should be generated at startup with a random secret, which doesn't seem 
to be the case. Also the instructions in the docs should be more clear in this 
regard.

  was:
AuthenticationFilterInitializer#initFilter fails if the configured 
{{hadoop.http.authentication.signature.secret.file}} does not exist, e.g.:

{noformat}
java.lang.RuntimeException: Could not read HTTP signature secret file: 
/var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
{noformat}

Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with 
a string) fixes the issue. Per the auth docs "If a secret is not provided a 
random secret is generated at start up time.", which sounds like it means the 
file should be generated at startup with a random secret, which doesn't seem 
to be the case. Also the instructions in the docs should be more clear in this 
regard.

        Summary: hadoop.http.authentication.signature.secret.file docs should 
not state that secret is randomly generated  (was: 
hadoop.http.authentication.signature.secret.file should be created if the 
configured file does not exist)
    
> hadoop.http.authentication.signature.secret.file docs should not state that 
> secret is randomly generated
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8857
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8857
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Owen O'Malley
>            Priority: Minor
>
> The docs and default.xml state that the secret is randomly generated if the 
> secret.file is not present; this is incorrect, as the secret must be shared 
> across all nodes in the cluster as it is used to verify the signature of the 
> hadoop.auth cookie. If randomly generated, it would be different in all nodes.
> ORIGINAL DESCRIPTION:
> AuthenticationFilterInitializer#initFilter fails if the configured 
> {{hadoop.http.authentication.signature.secret.file}} does not exist, e.g.:
> {noformat}
> java.lang.RuntimeException: Could not read HTTP signature secret file: 
> /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
> {noformat}
> Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated 
> with a string) fixes the issue. Per the auth docs "If a secret is not 
> provided a random secret is generated at start up time.", which sounds like 
> it means the file should be generated at startup with a random secret, which 
> doesn't seem to be the case. Also the instructions in the docs should be more 
> clear in this regard.

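The reasoning in the updated description, as an added example that is not Hadoop's code and not part of the original message: a cookie signed on one node verifies on another only when both hold the same secret. The HMAC-SHA256 construction, the `&s=` cookie layout, the node names and the sample token are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

SEP = "&s="  # assumed separator between token and signature
TOKEN = "u=alice&t=simple&e=1700000000"  # constructed sample token


def sign(token: str, secret: bytes) -> str:
    """Append a base64 HMAC-SHA256 signature (stand-in scheme) to the token."""
    mac = hmac.new(secret, token.encode(), hashlib.sha256).digest()
    return token + SEP + base64.b64encode(mac).decode()


def verify(cookie: str, secret: bytes) -> Optional[str]:
    """Return the token if its signature is valid under `secret`, else None."""
    token, sep, sig = cookie.rpartition(SEP)
    if not sep:
        return None  # no signature present
    expected = sign(token, secret).rpartition(SEP)[2]
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return token if ok else None


class Node:
    """Hypothetical cluster node holding a cookie-signing secret."""

    def __init__(self, name: str, secret: Optional[bytes] = None):
        self.name = name
        # secret=None models "a random secret is generated at start up time"
        self.secret = secret if secret is not None else secrets.token_bytes(32)

    def issue(self, token: str) -> str:
        return sign(token, self.secret)

    def accepts(self, cookie: str) -> bool:
        return verify(cookie, self.secret) is not None


def acceptance_matrix(nodes, token=TOKEN):
    """Map (issuer, verifier) -> whether the verifier accepts the issuer's cookie."""
    return {(a.name, b.name): b.accepts(a.issue(token)) for a in nodes for b in nodes}


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # stands in for the contents of secret.file
    print("random:", acceptance_matrix([Node("nn"), Node("dn")]))
    print("shared:", acceptance_matrix([Node("nn", shared), Node("dn", shared)]))
```

With per-node random secrets only the diagonal of the matrix is true, so a client bounced from one node's web UI to another's would be forced to re-authenticate at every hop.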