[jira] [Commented] (HADOOP-10448) Support pluggable mechanism to specify proxy user settings
[ https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008080#comment-14008080 ] Hadoop QA commented on HADOOP-10448: {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12646652/HADOOP-10448.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 10 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.TestFairScheduler {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//console This message is automatically generated. Support pluggable mechanism to specify proxy user settings -- Key: HADOOP-10448 URL: https://issues.apache.org/jira/browse/HADOOP-10448 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: 2.3.0 Reporter: Benoy Antony Assignee: Benoy Antony Attachments: HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch We have a requirement to support large number of superusers. (users who impersonate as another user) (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html) Currently each superuser needs to be defined in the core-site.xml via proxyuser settings. This will be cumbersome when there are 1000 entries. It seems useful to have a pluggable mechanism to specify proxy user settings with the current approach as the default. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (HADOOP-10629) security diagnostics info being dropped in exceptions seen by client
Steve Loughran created HADOOP-10629: --- Summary: security diagnostics info being dropped in exceptions seen by client Key: HADOOP-10629 URL: https://issues.apache.org/jira/browse/HADOOP-10629 Project: Hadoop Common Issue Type: Improvement Components: ipc Affects Versions: 2.4.0 Reporter: Steve Loughran When there are some security problems, not all the info goes back to the client, which sees {code} Caused by: org.apache.hadoop.ipc.RemoteException: GSS initiate failed at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:373) ~[hadoop-common-2.4.0.jar:na] {code} It's only server-side the diagnostics surface, here some javax crypto issues {code} 2014-05-24 14:17:34,314 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 9090: readAndProcess from client 192.168.1.86 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]] {code} -the inner exception text isn't making it back to the client... -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10626) Limit Returning Attributes for LDAP search
[ https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Hubbard updated HADOOP-10626: --- Attachment: HADOOP-10626.patch Patch to only request the group name attribute for ldap group search. Limit Returning Attributes for LDAP search -- Key: HADOOP-10626 URL: https://issues.apache.org/jira/browse/HADOOP-10626 Project: Hadoop Common Issue Type: Improvement Components: security Affects Versions: 2.3.0 Reporter: Jason Hubbard Labels: easyfix, newbie, performance Attachments: HADOOP-10626.patch When using Hadoop Ldap Group mappings in an enterprise environment, searching groups and returning all members can take a long time causing a timeout. This causes not all groups to be returned for a user. Because the first search only searches for the user dn and the second search retrieves the group member attribute, we only need to return the group member attribute on the search speeding up the search. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10626) Limit Returning Attributes for LDAP search
[ https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Hubbard updated HADOOP-10626: --- Status: Patch Available (was: Open) Limit Returning Attributes for LDAP search -- Key: HADOOP-10626 URL: https://issues.apache.org/jira/browse/HADOOP-10626 Project: Hadoop Common Issue Type: Improvement Components: security Affects Versions: 2.3.0 Reporter: Jason Hubbard Labels: easyfix, newbie, performance Attachments: HADOOP-10626.patch When using Hadoop Ldap Group mappings in an enterprise environment, searching groups and returning all members can take a long time causing a timeout. This causes not all groups to be returned for a user. Because the first search only searches for the user dn and the second search retrieves the group member attribute, we only need to return the group member attribute on the search speeding up the search. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10550) HttpAuthentication.html is out of date
[ https://issues.apache.org/jira/browse/HADOOP-10550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008270#comment-14008270 ] Pankti M commented on HADOOP-10550: --- came across this documentation for a prior release http://hadoop.apache.org/docs/r1.0.4/HttpAuthentication.html Should the fix be to update the document with similar steps? HttpAuthentication.html is out of date -- Key: HADOOP-10550 URL: https://issues.apache.org/jira/browse/HADOOP-10550 Project: Hadoop Common Issue Type: Bug Affects Versions: 3.0.0, 2.4.0 Reporter: Zhijie Shen Priority: Minor Labels: newbie, site It is still saying: {code} By default Hadoop HTTP web-consoles (JobTracker, NameNode, TaskTrackers and DataNodes) allow access without any form of authentication. {code} -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10420) Add support to Swift-FS to support tempAuth
[ https://issues.apache.org/jira/browse/HADOOP-10420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008284#comment-14008284 ] Gil Vernik commented on HADOOP-10420: - I see the patch you provided. Why did you called classes as SoftLayer authentication? It shouldn't be using such names. You added a TempAuth authentication support, which is normally used by Swift. The names of the classes should be TempAuth... This way it will be clear what is it about, otherwise it looks like someone need SoftLayer account and it's very confusing. Tempauth is standard with any Swift installation. Can you please provide example of the configuration file to activate TempAuth and not KeyStone? Add support to Swift-FS to support tempAuth --- Key: HADOOP-10420 URL: https://issues.apache.org/jira/browse/HADOOP-10420 Project: Hadoop Common Issue Type: Improvement Components: fs, tools Affects Versions: 2.3.0 Reporter: Jinghui Wang Attachments: HADOOP-10420.patch Currently, hadoop-openstack Swift FS supports keystone authentication. The attached patch adds support for tempAuth. Users will be able to configure which authentication to use. -- This message was sent by Atlassian JIRA (v6.2#6252)