[ https://issues.apache.org/jira/browse/HADOOP-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14089300#comment-14089300 ]
Hudson commented on HADOOP-10791: --------------------------------- SUCCESS: Integrated in Hadoop-Mapreduce-trunk #1856 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1856/]) YARN-2388. Fixed TestTimelineWebServices failure due to HADOOP-10791. Contributed by Zhijie Shen. (zjshen: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616405) * /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java > AuthenticationFilter should support externalizing the secret for signing and > provide rotation support > ----------------------------------------------------------------------------------------------------- > > Key: HADOOP-10791 > URL: https://issues.apache.org/jira/browse/HADOOP-10791 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.4.1 > Reporter: Alejandro Abdelnur > Assignee: Robert Kanter > Fix For: 2.6.0 > > Attachments: HADOOP-10791.patch, HADOOP-10791.patch, > HADOOP-10791.patch, HADOOP-10791.patch > > > It should be possible to externalize the secret used to sign the hadoop-auth > cookies. > In the case of WebHDFS the shared secret used by NN and DNs could be used. In > the case of Oozie HA, the secret could be stored in Oozie HA control data in > ZooKeeper. > In addition, it is desirable for the secret to change periodically, this > means that the AuthenticationService should remember a previous secret for > the max duration of hadoop-auth cookie. -- This message was sent by Atlassian JIRA (v6.2#6252)