[jira] [Commented] (HADOOP-10448) Support pluggable mechanism to specify proxy user settings
[
https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008080#comment-14008080
]
Hadoop QA commented on HADOOP-10448:
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12646652/HADOOP-10448.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 10 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs
hadoop-hdfs-project/hadoop-hdfs-nfs
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager:
org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.TestFairScheduler
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//console
This message is automatically generated.
Support pluggable mechanism to specify proxy user settings
--
Key: HADOOP-10448
URL: https://issues.apache.org/jira/browse/HADOOP-10448
Project: Hadoop Common
Issue Type: Sub-task
Components: security
Affects Versions: 2.3.0
Reporter: Benoy Antony
Assignee: Benoy Antony
Attachments: HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch, HADOOP-10448.patch
We have a requirement to support large number of superusers. (users who
impersonate as another user)
(http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html)
Currently each superuser needs to be defined in the core-site.xml via
proxyuser settings. This will be cumbersome when there are 1000 entries.
It seems useful to have a pluggable mechanism to specify proxy user settings
with the current approach as the default.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Created] (HADOOP-10629) security diagnostics info being dropped in exceptions seen by client
Steve Loughran created HADOOP-10629:
---
Summary: security diagnostics info being dropped in exceptions
seen by client
Key: HADOOP-10629
URL: https://issues.apache.org/jira/browse/HADOOP-10629
Project: Hadoop Common
Issue Type: Improvement
Components: ipc
Affects Versions: 2.4.0
Reporter: Steve Loughran
When there are some security problems, not all the info goes back to the
client, which sees
{code}
Caused by: org.apache.hadoop.ipc.RemoteException: GSS initiate failed
at
org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:373)
~[hadoop-common-2.4.0.jar:na]
{code}
It's only server-side the diagnostics surface, here some javax crypto issues
{code}
2014-05-24 14:17:34,314 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for
port 9090: readAndProcess from client 192.168.1.86 threw exception
[javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption
type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]
{code}
-the inner exception text isn't making it back to the client...
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (HADOOP-10626) Limit Returning Attributes for LDAP search
[ https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Hubbard updated HADOOP-10626: --- Attachment: HADOOP-10626.patch Patch to only request the group name attribute for ldap group search. Limit Returning Attributes for LDAP search -- Key: HADOOP-10626 URL: https://issues.apache.org/jira/browse/HADOOP-10626 Project: Hadoop Common Issue Type: Improvement Components: security Affects Versions: 2.3.0 Reporter: Jason Hubbard Labels: easyfix, newbie, performance Attachments: HADOOP-10626.patch When using Hadoop Ldap Group mappings in an enterprise environment, searching groups and returning all members can take a long time causing a timeout. This causes not all groups to be returned for a user. Because the first search only searches for the user dn and the second search retrieves the group member attribute, we only need to return the group member attribute on the search speeding up the search. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HADOOP-10626) Limit Returning Attributes for LDAP search
[ https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Hubbard updated HADOOP-10626: --- Status: Patch Available (was: Open) Limit Returning Attributes for LDAP search -- Key: HADOOP-10626 URL: https://issues.apache.org/jira/browse/HADOOP-10626 Project: Hadoop Common Issue Type: Improvement Components: security Affects Versions: 2.3.0 Reporter: Jason Hubbard Labels: easyfix, newbie, performance Attachments: HADOOP-10626.patch When using Hadoop Ldap Group mappings in an enterprise environment, searching groups and returning all members can take a long time causing a timeout. This causes not all groups to be returned for a user. Because the first search only searches for the user dn and the second search retrieves the group member attribute, we only need to return the group member attribute on the search speeding up the search. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10550) HttpAuthentication.html is out of date
[
https://issues.apache.org/jira/browse/HADOOP-10550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008270#comment-14008270
]
Pankti M commented on HADOOP-10550:
---
came across this documentation for a prior release
http://hadoop.apache.org/docs/r1.0.4/HttpAuthentication.html
Should the fix be to update the document with similar steps?
HttpAuthentication.html is out of date
--
Key: HADOOP-10550
URL: https://issues.apache.org/jira/browse/HADOOP-10550
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 3.0.0, 2.4.0
Reporter: Zhijie Shen
Priority: Minor
Labels: newbie, site
It is still saying:
{code}
By default Hadoop HTTP web-consoles (JobTracker, NameNode, TaskTrackers and
DataNodes) allow access without any form of authentication.
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10420) Add support to Swift-FS to support tempAuth
[ https://issues.apache.org/jira/browse/HADOOP-10420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14008284#comment-14008284 ] Gil Vernik commented on HADOOP-10420: - I see the patch you provided. Why did you called classes as SoftLayer authentication? It shouldn't be using such names. You added a TempAuth authentication support, which is normally used by Swift. The names of the classes should be TempAuth... This way it will be clear what is it about, otherwise it looks like someone need SoftLayer account and it's very confusing. Tempauth is standard with any Swift installation. Can you please provide example of the configuration file to activate TempAuth and not KeyStone? Add support to Swift-FS to support tempAuth --- Key: HADOOP-10420 URL: https://issues.apache.org/jira/browse/HADOOP-10420 Project: Hadoop Common Issue Type: Improvement Components: fs, tools Affects Versions: 2.3.0 Reporter: Jinghui Wang Attachments: HADOOP-10420.patch Currently, hadoop-openstack Swift FS supports keystone authentication. The attached patch adds support for tempAuth. Users will be able to configure which authentication to use. -- This message was sent by Atlassian JIRA (v6.2#6252)
