[
https://issues.apache.org/jira/browse/HADOOP-10416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13946929#comment-13946929
]
Tsz Wo Nicholas Sze commented on HADOOP-10416:
----------------------------------------------
> ... Once the cookie expires, the user must present again his/her/its
> credentials (in the case of pseudo via user.name query string parameter).
> Using the cookie itself as the credentials is wrong.
[~tucu00], if anonymous is enabled, the expired cookie will be ignored and the
client will be authenticated as anonymous. The client won't be able to
authenticated using user.name. This is the problem.
If using the cookie itself as the credentials is wrong, we probably should
return an error for expired cookie. However, this will change the behavior for
both secure and non-secure setting.
> If there is an expired token, PseudoAuthenticationHandler should renew it
> -------------------------------------------------------------------------
>
> Key: HADOOP-10416
> URL: https://issues.apache.org/jira/browse/HADOOP-10416
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Tsz Wo Nicholas Sze
> Assignee: Tsz Wo Nicholas Sze
> Priority: Minor
> Attachments: c10416_20140321.patch, c10416_20140322.patch
>
>
> PseudoAuthenticationHandler currently only gets username from the "user.name"
> parameter. It should also renew expired auth token if it is available in the
> cookies.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
