Robert Kanter created OOZIE-1917:
------------------------------------
Summary: Authentication secret should be random by default and
needs to coordinate with HA
Key: OOZIE-1917
URL: https://issues.apache.org/jira/browse/OOZIE-1917
Project: Oozie
Issue Type: Improvement
Components: HA, security
Affects Versions: trunk
Reporter: Robert Kanter
Assignee: Robert Kanter
{{oozie.authentication.signature.secret}} is currently set to {{oozie}} by
default, which is a pretty poor value for this. We should set it to be random
by default (i.e. blank in oozie-site/default).
We should also make it so that with Oozie HA, we store this value in ZooKeeper
so all Oozie servers can use the same secret. This may get a little tricky
because hadoop-auth's AuthenticationFilter doesn't make it easy/practical to
change how the Signer and secret are set. We'll likely have to have Oozie's
AuthFilter compute it's own random secret and do all the ZK stuff and set the
value of {{oozie.authentication.signature.secret}} before calling
AuthenticationFilter#init
--
This message was sent by Atlassian JIRA
(v6.2#6252)