Posted to issues@hbase.apache.org by "Francis Liu (JIRA)" <ji...@apache.org> on 2012/08/27 20:10:07 UTC

[jira] [Created] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Francis Liu created HBASE-6671:
----------------------------------

             Summary: Kerberos authenticated super user should be able to retrieve proxied delegation tokens
                 Key: HBASE-6671
                 URL: https://issues.apache.org/jira/browse/HBASE-6671
             Project: HBase
          Issue Type: Bug
    Affects Versions: 0.94.1
            Reporter: Francis Liu
            Assignee: Francis Liu
         Attachments: proxy_fix_trunk.patch

There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443494#comment-13443494 ] 

Hudson commented on HBASE-6671:
-------------------------------

Integrated in HBase-0.94 #442 (See [https://builds.apache.org/job/HBase-0.94/442/])
    HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

     Result = FAILURE
Tedyu : 
Files : 
* /hbase/branches/0.94/pom.xml
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>             Fix For: 0.96.0, 0.94.2
>
>         Attachments: 6671-trunk-v2.txt, proxy_fix_94.patch, proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443395#comment-13443395 ] 

Ted Yu commented on HBASE-6671:
-------------------------------

Integrated to 0.94 as well.

Thanks for the patch, Francis.

Thanks for the review, Andy.
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442718#comment-13442718 ] 

Ted Yu commented on HBASE-6671:
-------------------------------

@Gary, @Andy:
Do you have further comments about Francis' patch?
                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>             Fix For: 0.96.0
>
>         Attachments: 6671-trunk-v2.txt, proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442573#comment-13442573 ] 

Ted Yu commented on HBASE-6671:
-------------------------------

@Francis:
Hadoop QA would pick up the latest attachment.
In the future, please attach trunk patch last.
                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>         Attachments: proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Francis Liu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francis Liu updated HBASE-6671:
-------------------------------

    Attachment: proxy_fix_94.patch

Updated 0.94 patch.
                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>             Fix For: 0.96.0
>
>         Attachments: 6671-trunk-v2.txt, proxy_fix_94.patch, proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442578#comment-13442578 ] 

Ted Yu commented on HBASE-6671:
-------------------------------

getConnectionAuthenticationMethod() is a private method, can it be inlined?

Minor:
javadoc for parameters of getConnectionAuthenticationMethod() and isAllowedDelegationTokenOp() is missing.
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442715#comment-13442715 ] 

Hadoop QA commented on HBASE-6671:
----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12542654/6671-trunk-v2.txt
  against trunk revision .

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    +1 hadoop2.0.  The patch compiles against the hadoop 2.0 profile.

    -1 javadoc.  The javadoc tool appears to have generated 94 warning messages.

    -1 javac.  The applied patch generated 5 javac compiler warnings (more than the trunk's current 4 warnings).

    -1 findbugs.  The patch appears to introduce 13 new Findbugs (version 1.3.9) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2706//console

This message is automatically generated.
                

[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu updated HBASE-6671:
--------------------------

       Resolution: Fixed
    Fix Version/s: 0.94.2
           Status: Resolved  (was: Patch Available)
    

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Francis Liu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442664#comment-13442664 ] 

Francis Liu commented on HBASE-6671:
------------------------------------

Looks good to me.
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Himanshu Vashishtha (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447450#comment-13447450 ] 

Himanshu Vashishtha commented on HBASE-6671:
--------------------------------------------

EDIT:
If so, then a user Joe who is not Kerberos authenticated can access HBase services by piggybacking on HBase credentials?
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443663#comment-13443663 ] 

Hudson commented on HBASE-6671:
-------------------------------

Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #153 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/153/])
    HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378142)

     Result = FAILURE
Tedyu : 
Files : 
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

                

[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Francis Liu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francis Liu updated HBASE-6671:
-------------------------------

    Attachment: proxy_fix_94.patch

0.94 patch, includes updating the hadoop-0.23 dependency since there are binary incompatible changes. Also 0.23.3 should be released in a few weeks.
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443233#comment-13443233 ] 

Hudson commented on HBASE-6671:
-------------------------------

Integrated in HBase-TRUNK #3289 (See [https://builds.apache.org/job/HBase-TRUNK/3289/])
    HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378142)

     Result = FAILURE
Tedyu : 
Files : 
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

                

[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu updated HBASE-6671:
--------------------------

    Fix Version/s: 0.96.0
     Hadoop Flags: Reviewed
           Status: Patch Available  (was: Open)
    

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443182#comment-13443182 ] 

Ted Yu commented on HBASE-6671:
-------------------------------

Integrated to trunk.

@Francis:
Can you attach a patch for 0.94?

Thanks
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448267#comment-13448267 ] 

Hudson commented on HBASE-6671:
-------------------------------

Integrated in HBase-0.94-security #51 (See [https://builds.apache.org/job/HBase-0.94-security/51/])
    HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

     Result = FAILURE
Tedyu : 
Files : 
* /hbase/branches/0.94/pom.xml
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Francis Liu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442576#comment-13442576 ] 

Francis Liu commented on HBASE-6671:
------------------------------------

Will do, thanks for the tip.
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443053#comment-13443053 ] 

Andrew Purtell commented on HBASE-6671:
---------------------------------------

Looks good to me. This should be applied to 0.94 too. 
                

[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443385#comment-13443385 ] 

Hadoop QA commented on HBASE-6671:
----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12542800/proxy_fix_94.patch
  against trunk revision .

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    -1 patch.  The patch command could not apply the patch.

Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2722//console

This message is automatically generated.
                

[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Ted Yu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu updated HBASE-6671:
--------------------------

    Attachment: 6671-trunk-v2.txt

v2 addresses the above comments.
                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>             Fix For: 0.96.0
>
>         Attachments: 6671-trunk-v2.txt, proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Himanshu Vashishtha (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447449#comment-13447449 ] 

Himanshu Vashishtha commented on HBASE-6671:
--------------------------------------------

Sorry for chiming in late, but I want to understand what is going on here. I was reading the HBase security code and the attached patch. A basic question:
Do we support proxy users? If so, then a user Joe who is not Kerberos authenticated can access HBase services by piggybacking on HBase credentials. How can one enable/use it? Please share.



                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>             Fix For: 0.96.0, 0.94.2
>
>         Attachments: 6671-trunk-v2.txt, proxy_fix_94.patch, proxy_fix_94.patch, proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Updated] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Francis Liu (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francis Liu updated HBASE-6671:
-------------------------------

    Attachment: proxy_fix_trunk.patch

Logic is culled from the namenode and jobtracker for consistency.
                
> Kerberos authenticated super user should be able to retrieve proxied delegation tokens
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6671
>                 URL: https://issues.apache.org/jira/browse/HBASE-6671
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.94.1
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>         Attachments: proxy_fix_trunk.patch
>
>
> There are services such as Oozie which perform actions on behalf of the user using proxy authentication. Retrieving delegation tokens should support this behavior.


[jira] [Commented] (HBASE-6671) Kerberos authenticated super user should be able to retrieve proxied delegation tokens

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HBASE-6671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448316#comment-13448316 ] 

Hudson commented on HBASE-6671:
-------------------------------

Integrated in HBase-0.94-security-on-Hadoop-23 #7 (See [https://builds.apache.org/job/HBase-0.94-security-on-Hadoop-23/7/])
    HBASE-6671 Kerberos authenticated super user should be able to retrieve proxied delegation tokens (Francis) (Revision 1378268)

     Result = FAILURE
Tedyu : 
Files : 
* /hbase/branches/0.94/pom.xml
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java

                