[
https://issues.apache.org/jira/browse/OOZIE-1917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138259#comment-14138259
]
Rohini Palaniswamy commented on OOZIE-1917:
-------------------------------------------
Sorry. I just realized that with this change HA will not work if you don't have
hadoop-2.6 hadoop-auth library. So pom.xml changes are in order. Also are we
saying that Oozie HA will not be supported with Hadoop 1.x ?
> Authentication secret should be random by default and needs to coordinate
> with HA
> ---------------------------------------------------------------------------------
>
> Key: OOZIE-1917
> URL: https://issues.apache.org/jira/browse/OOZIE-1917
> Project: Oozie
> Issue Type: Improvement
> Components: HA, security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Critical
> Attachments: OOZIE-1917.patch, OOZIE-1917.patch
>
>
> {{oozie.authentication.signature.secret}} is currently set to {{oozie}} by
> default, which is a pretty poor value for this. We should set it to be
> random by default (i.e. blank in oozie-site/default).
> We should also make it so that with Oozie HA, we store this value in
> ZooKeeper so all Oozie servers can use the same secret. This may get a
> little tricky because hadoop-auth's AuthenticationFilter doesn't make it
> easy/practical to change how the Signer and secret are set. We'll likely
> have to have Oozie's AuthFilter compute it's own random secret and do all the
> ZK stuff and set the value of {{oozie.authentication.signature.secret}}
> before calling AuthenticationFilter#init
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
