[
https://issues.apache.org/jira/browse/HADOOP-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14088885#comment-14088885
]
Hudson commented on HADOOP-10791:
---------------------------------
SUCCESS: Integrated in Hadoop-trunk-Commit #6026 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/6026/])
YARN-2388. Fixed TestTimelineWebServices failure due to HADOOP-10791.
Contributed by Zhijie Shen. (zjshen:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616405)
* /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt
*
/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java
> AuthenticationFilter should support externalizing the secret for signing and
> provide rotation support
> -----------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10791
> URL: https://issues.apache.org/jira/browse/HADOOP-10791
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Robert Kanter
> Fix For: 2.6.0
>
> Attachments: HADOOP-10791.patch, HADOOP-10791.patch,
> HADOOP-10791.patch, HADOOP-10791.patch
>
>
> It should be possible to externalize the secret used to sign the hadoop-auth
> cookies.
> In the case of WebHDFS the shared secret used by NN and DNs could be used. In
> the case of Oozie HA, the secret could be stored in Oozie HA control data in
> ZooKeeper.
> In addition, it is desirable for the secret to change periodically, this
> means that the AuthenticationService should remember a previous secret for
> the max duration of hadoop-auth cookie.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
