[
https://issues.apache.org/jira/browse/OOZIE-1917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086818#comment-14086818
]
Robert Kanter commented on OOZIE-1917:
--------------------------------------
HADOOP-10868 will give us an implementation that works with Zookeeper; so once
it's done, this JIRA just needs to configure it and deal with either waiting
for Hadoop 2.6.0 or "borrowing" the required classes until then.
> Authentication secret should be random by default and needs to coordinate
> with HA
> ---------------------------------------------------------------------------------
>
> Key: OOZIE-1917
> URL: https://issues.apache.org/jira/browse/OOZIE-1917
> Project: Oozie
> Issue Type: Improvement
> Components: HA, security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Critical
>
> {{oozie.authentication.signature.secret}} is currently set to {{oozie}} by
> default, which is a pretty poor value for this. We should set it to be
> random by default (i.e. blank in oozie-site/default).
> We should also make it so that with Oozie HA, we store this value in
> ZooKeeper so all Oozie servers can use the same secret. This may get a
> little tricky because hadoop-auth's AuthenticationFilter doesn't make it
> easy/practical to change how the Signer and secret are set. We'll likely
> have to have Oozie's AuthFilter compute it's own random secret and do all the
> ZK stuff and set the value of {{oozie.authentication.signature.secret}}
> before calling AuthenticationFilter#init
--
This message was sent by Atlassian JIRA
(v6.2#6252)
