You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Harsh J (JIRA)" <ji...@apache.org> on 2012/11/09 19:00:13 UTC

[jira] [Created] (HADOOP-9023) HttpFs is too restrictive on usernames

Harsh J created HADOOP-9023:
-------------------------------

             Summary: HttpFs is too restrictive on usernames
                 Key: HADOOP-9023
                 URL: https://issues.apache.org/jira/browse/HADOOP-9023
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Harsh J


HttpFs tries to use UserProfile.USER_PATTERN to match all usernames before a doAs impersonation function. This regex is too strict for most usernames, as it disallows any special character at all. We should relax it more or ditch needing to match things there.

WebHDFS currently has no such limitations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HADOOP-9023) HttpFs is too restrictive on usernames

Posted by "Harsh J (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-9023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494237#comment-13494237 ] 

Harsh J commented on HADOOP-9023:
---------------------------------

That makes sense and is also more relaxed than the current matcher I think.
                
> HttpFs is too restrictive on usernames
> --------------------------------------
>
>                 Key: HADOOP-9023
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9023
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Harsh J
>
> HttpFs tries to use UserProfile.USER_PATTERN to match all usernames before a doAs impersonation function. This regex is too strict for most usernames, as it disallows any special character at all. We should relax it more or ditch needing to match things there.
> WebHDFS currently has no such limitations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HADOOP-9023) HttpFs is too restrictive on usernames

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-9023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494197#comment-13494197 ] 

Alejandro Abdelnur commented on HADOOP-9023:
--------------------------------------------

In a secure setup the user names must match a Unix user name. [a-z_][a-z0-9_-]*[$] with a min/max of 1/31

The correct thing to do would be the USER_PATTERN to enforce the same pattern as UNIX, both in HttpFS and in WebHDFS
                
> HttpFs is too restrictive on usernames
> --------------------------------------
>
>                 Key: HADOOP-9023
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9023
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Harsh J
>
> HttpFs tries to use UserProfile.USER_PATTERN to match all usernames before a doAs impersonation function. This regex is too strict for most usernames, as it disallows any special character at all. We should relax it more or ditch needing to match things there.
> WebHDFS currently has no such limitations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira