[ https://issues.apache.org/jira/browse/HADOOP-8857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13562858#comment-13562858 ]
Hudson commented on HADOOP-8857: -------------------------------- Integrated in Hadoop-trunk-Commit #3280 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/3280/]) HADOOP-8857. hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated. (tucu) (Revision 1438601) Result = SUCCESS tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1438601 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/HttpAuthentication.apt.vm > hadoop.http.authentication.signature.secret.file docs should not state that > secret is randomly generated > -------------------------------------------------------------------------------------------------------- > > Key: HADOOP-8857 > URL: https://issues.apache.org/jira/browse/HADOOP-8857 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.0.0-alpha > Reporter: Eli Collins > Assignee: Alejandro Abdelnur > Priority: Minor > Attachments: HADOOP-8857.patch > > > The docs and default.xml state that the secret is randomly generated if the > secret.file is not present, this is incorrect as the secret must be shared > across all nodes in the cluster as it is used to verify the signature of the > hadoop.auth cookie. If randomly generated it would be diff in all nodes. > ORIGINAL DESCRIPTION: > AuthenticationFilterInitializer#initFilter fails if the configured > {{hadoop.http.authentication.signature.secret.file}} does not exist, eg: > {noformat} > java.lang.RuntimeException: Could not read HTTP signature secret file: > /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret > {noformat} > Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated > with a string) fixes the issue. Per the auth docs "If a secret is not > provided a random secret is generated at start up time.", which sounds like > it means the file should be generated at startup with a random secrete, which > doesn't seem to be the case. Also the instructions in the docs should be more > clear in this regard. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira