phoenix-dev mailing list archives

From "Lev Bronshtein (JIRA)" <>
Subject [jira] [Commented] (PHOENIX-4533) Phoenix Query Server should not use SPNEGO principal to proxy user requests
Date Wed, 31 Jan 2018 13:43:00 GMT


Lev Bronshtein commented on PHOENIX-4533:

Josh, I am having some trouble understanding why this line is being set in both tests:

    conf.setBoolean(QueryServices.QUERY_SERVER_DISABLE_KERBEROS_LOGIN, true);

Especially since this seems to turn off the specific parts we want to test:

    final boolean disableLogin = getConf().getBoolean(QueryServices.QUERY_SERVER_DISABLE_KERBEROS_LOGIN,


    if (isKerberos && !disableSpnego && !disableLogin) {
      hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
          getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"),
          getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default")));
      if (LOG.isDebugEnabled()) {
        LOG.debug("Login to " + hostname + " using " + getConf().get(
            + " and principal " + getConf().get(
      SecurityUtil.login(getConf(), QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
          QueryServices.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
      "Login successful.");
    } else {
      hostname = InetAddress.getLocalHost().getHostName();
      " Kerberos is off and hostname is : "+hostname);

> Phoenix Query Server should not use SPNEGO principal to proxy user requests
> ---------------------------------------------------------------------------
>                 Key: PHOENIX-4533
>                 URL:
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Lev Bronshtein
>            Assignee: Lev Bronshtein
>            Priority: Minor
>         Attachments: PHOENIX-4533.1.patch
> Currently the HTTP/ principal is used by various components in the HADOOP ecosystem to
> perform SPNEGO authentication.  Since there can only be one HTTP/ per host, even outside
> of the Hadoop ecosystem, the keytab containing key material for local HTTP/ principal is shared
> among a few applications.  With so many applications having access to the HTTP/ credentials,
> this increases the chances of an attack on the proxy user capabilities of Hadoop.  This JIRA
> proposes that two different key tabs can be used to
> 1. Authenticate kerberized web requests
> 2. Communicate with the phoenix back end

This message was sent by Atlassian JIRA
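
The separation the issue description proposes can be checked on a deployed host by listing which principals a keytab actually holds. The following is an added example, not part of the original message or of Phoenix: it parses the MIT keytab format (version 0x0502) and reports when the keytab used for the backend login is, or also contains, an HTTP/ (SPNEGO) principal. The names `audit` and `sample_keytab`, the principal `phoenix/pqs.example.com@EXAMPLE.COM` and the hostname are assumptions made for illustration.

```python
import struct

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT keytab, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative: deleted slot; zero: stop
            pos += -size or len(data)
            continue
        rec, off = data[pos:pos + size], 2
        pos += size
        (ncomp,) = struct.unpack_from(">H", rec)   # component count, realm excluded
        def counted():                     # 16-bit length, then that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        kvno, enctype = struct.unpack_from(">BH", rec, off + 8)  # after type + time
        off += 11
        counted()                          # key material: skipped, never returned
        if len(rec) - off >= 4:            # optional 32-bit kvno overrides 8-bit
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, enctype))
    return entries

def audit(backend_principal, keytab):      # hypothetical helper, not a Phoenix API
    names = {p for p, _, _ in parse_keytab(keytab)}
    findings = []
    if backend_principal.startswith("HTTP/"):
        findings.append("backend login uses the SPNEGO HTTP/ principal")
    extra = sorted(n for n in names - {backend_principal} if n.startswith("HTTP/"))
    if extra:
        findings.append("keytab also holds HTTP/ keys: " + ", ".join(extra))
    return findings

def sample_keytab(*principals):            # builds CONSTRUCTED test data only
    s = lambda b: struct.pack(">H", len(b)) + b
    out = b"\x05\x02"
    for p in principals:
        name, realm = p.encode().split(b"@")
        body = (struct.pack(">H", name.count(b"/") + 1) + s(realm)
                + b"".join(map(s, name.split(b"/")))
                + struct.pack(">IIBH", 1, 0, 1, 18) + s(bytes(32)))  # zero AES256 key
        out += struct.pack(">i", len(body)) + body
    return out
```

On a real host, pass the bytes of the keytab file and the principal the service is configured to log in with; an empty list means the backend credential is separate from the HTTP/ one.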