You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2015/11/19 22:51:11 UTC
[jira] [Commented] (HADOOP-12050) Enable MaxInactiveInterval for
hadoop http auth token
[ https://issues.apache.org/jira/browse/HADOOP-12050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014453#comment-15014453 ]
Vinod Kumar Vavilapalli commented on HADOOP-12050:
--------------------------------------------------
[~hzlu] / [~benoyantony], the configuration property introduced here doesn't follow our usual conventions (which I concede are not documented in writing). But can we rename this from {{hadoop.http.authentication.token.MaxInactiveInterval}} to {{hadoop.http.authentication.token.max-inactive-interval}}? If you agree, we can get it fixed.
> Enable MaxInactiveInterval for hadoop http auth token
> -----------------------------------------------------
>
> Key: HADOOP-12050
> URL: https://issues.apache.org/jira/browse/HADOOP-12050
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.7.1
> Reporter: Benoy Antony
> Assignee: hzlu
> Fix For: 2.8.0, 3.0.0
>
> Attachments: HADOOP-12050.003.patch, HADOOP-12050.004.patch
>
>
> During http authentication, a cookie which contains the authentication token is dropped. The expiry time of the authentication token can be configured via hadoop.http.authentication.token.validity. The default value is 10 hours.
> For clusters which require enhanced security, it is desirable to have a configurable MaxInActiveInterval for the authentication token. If there is no activity during MaxInActiveInterval, the authentication token will be invalidated.
> The MaxInActiveInterval will be less than hadoop.http.authentication.token.validity. The default value will be 30 minutes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)