You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (Commented) (JIRA)" <ji...@apache.org> on 2012/02/09 22:34:57 UTC
[jira] [Commented] (HADOOP-8043) KerberosAuthenticationFilter and
friends have some problems
[ https://issues.apache.org/jira/browse/HADOOP-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204898#comment-13204898 ]
Alejandro Abdelnur commented on HADOOP-8043:
--------------------------------------------
Regarding #2, i'm a bit confused here, this is already done by in the AuthenticationFilterInitializer, and this is branch-1 already. The code in the filter is generic to integrate in other systems. Also in your patch you are moving the logincontext initialization from the init() to the authenticate() method. This would trigger logincontext initialization every single request, it does not seem correct.
> KerberosAuthenticationFilter and friends have some problems
> -----------------------------------------------------------
>
> Key: HADOOP-8043
> URL: https://issues.apache.org/jira/browse/HADOOP-8043
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 1.0.0
> Reporter: Allen Wittenauer
> Priority: Critical
> Attachments: HADOOP-8043-branch-1.0.txt
>
>
> KerberosAuthenticationFilter and friends have three killer usability issues and bugs:
> 1. Documentation is misleading/wrong.
> 2. Shared secret stored in a world readable file.
> 3. Lacks support for _HOST macro
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira