[
https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378850#comment-14378850
]
Robert Kanter commented on HADOOP-10670:
----------------------------------------
It's not really a side effect of HADOOP-10868; it's a side effect of the
original implementation, which simply loaded the secret from a config property,
or used a random one if not set. HADOOP-10791 added support for pluggable
providers (to allow HADOOP-1868 to work), and included
{{StringSignerSecretProvider}} to be backwards compatible with that setting.
While I agree that {{FileSignerSecretProvider}} is more secure, I'm not sure we
can simply remove {{StringSignerSecretProvider}} without breaking
compatibility. What if we instead deprecate it, log a warning about it not
being recommended, and add a note to the docs?
> Allow AuthenticationFilter to respect signature secret file even without
> AuthenticationFilterInitializer
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10670
> URL: https://issues.apache.org/jira/browse/HADOOP-10670
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Priority: Minor
> Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch,
> hadoop-10670-v2.patch, hadoop-10670-v3.patch, hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed
> to configure AuthenticationFilter for the required signature secret by
> specifying signature.secret.file property. This improvement would also allow
> this when AuthenticationFilterInitializer isn't used in situations like
> webhdfs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
