You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2012/06/01 22:40:22 UTC
[jira] [Created] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Alejandro Abdelnur created HADOOP-8465:
------------------------------------------
Summary: hadoop-auth should support ephemeral authentication
Key: HADOOP-8465
URL: https://issues.apache.org/jira/browse/HADOOP-8465
Project: Hadoop Common
Issue Type: New Feature
Components: security
Affects Versions: 2.0.1-alpha
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 2.0.1-alpha
Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13287658#comment-13287658 ]
Hadoop QA commented on HADOOP-8465:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12530598/HADOOP-8465.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 1 new or modified test files.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1070//console
This message is automatically generated.
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Attachment: HADOOP-8465.patch
updated patch to apply after formatting changes in HADOOP-8458
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293945#comment-13293945 ]
Hadoop QA commented on HADOOP-8465:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12531881/HADOOP-8465.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 1 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1114//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1114//console
This message is automatically generated.
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Attachment: HADOOP-8465.patch
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294087#comment-13294087 ]
Hudson commented on HADOOP-8465:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #2352 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2352/])
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13287653#comment-13287653 ]
Alejandro Abdelnur commented on HADOOP-8465:
--------------------------------------------
This can be addressed by allowing an AuthenticationHandler to set the expiration of the authentication token to ZERO (note that only ZERO would be supported, the AuthenticationHandler cannot change to an arbitrary expiration interval).
When the expiration is set to ZERO, the AuthenticationFilter would let the request continue to the target resource but it will not issue an HTTP Cookie. This means that subsequent requests will be forced through the AuthenticationHandler.
This will work with webhdfs delegation tokens where the delegationtoken must be part of the querystring of the request.
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294481#comment-13294481 ]
Hudson commented on HADOOP-8465:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk #1108 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1108/])
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Status: Open (was: Patch Available)
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Arun C Murthy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun C Murthy closed HADOOP-8465.
---------------------------------
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.2-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
committed to trunk and branch-2
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294375#comment-13294375 ]
Hudson commented on HADOOP-8465:
--------------------------------
Integrated in Hadoop-Hdfs-trunk #1075 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1075/])
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Status: Patch Available (was: Open)
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294120#comment-13294120 ]
Hudson commented on HADOOP-8465:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #2374 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2374/])
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8465) hadoop-auth should support ephemeral
authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8465:
---------------------------------------
Status: Patch Available (was: Open)
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Aaron T. Myers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294025#comment-13294025 ]
Aaron T. Myers commented on HADOOP-8465:
----------------------------------------
+1, the patch looks good to me.
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8465) hadoop-auth should support
ephemeral authentication
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294074#comment-13294074 ]
Hudson commented on HADOOP-8465:
--------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #2425 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2425/])
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu) (Revision 1349613)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349613
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationToken.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> hadoop-auth should support ephemeral authentication
> ---------------------------------------------------
>
> Key: HADOOP-8465
> URL: https://issues.apache.org/jira/browse/HADOOP-8465
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8465.patch, HADOOP-8465.patch
>
>
> Currently, once a client is authenticated the generated authentication-token (& cookie) are valid for a given (service configurable) lifespan.
> Once the authentication-token (& cookie) is issued, the authentication logic will not be triggered until the authentication-token expires.
> This behavior does not work well with delegation tokens expected behavior where delegation tokens can be canceled at any time.
> Having ephemeral authentication (which is check on every request) would address this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira