You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2011/01/05 02:36:45 UTC
[jira] Commented: (HADOOP-7070) JAAS configuration should delegate
unknown application names to pre-existing configuration
[ https://issues.apache.org/jira/browse/HADOOP-7070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977579#action_12977579 ]
Todd Lipcon commented on HADOOP-7070:
-------------------------------------
Owen, do you think this looks good at this point?
> JAAS configuration should delegate unknown application names to pre-existing configuration
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-7070
> URL: https://issues.apache.org/jira/browse/HADOOP-7070
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.22.0, 0.23.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
> Attachments: hadoop-7070.2.txt, hadoop-7070.txt, hadoop-7070.txt
>
>
> As reported here: https://issues.cloudera.org/browse/DISTRO-66 it is impossible to use secured Hadoop inside an application that relies on other JAAS configurations. This is because the static initializer of UserGroupInformation replaces the JAAS configuration, but we don't delegate unknown applications up to whatever Configuration was installed previously. The delegation technique seems to be used by JBoss's XMLLoginConfigImpl for example.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.