[jira] [Commented] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it

Fri, 31 Oct 2014 17:39:07 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14192826#comment-14192826
 ] 

Robert Kanter commented on HADOOP-10895:
----------------------------------------

I took a closer look and had a few comments:
# In {{TestPseudoAuthenticator}}, you don't need to change the fallback to 
{{true}}.  The {{PseudoAuthenticator}} can't actually fallback (in fact, the 
setter doesn't do anything).
# It looks like most of the tests enable the fallback behavior.  If the default 
is going to be not to fallback, I think the tests should be updated to not 
require falling back (unless the test is specifically testing something that 
requires fallback to be enabled).
# Can you add a test that verifies that you can't fallback when it's disabled?
# Setting "ipc.client.fallback-to-simple-auth-allowed" is only going to work 
for the KMS.  If I want to create a {{KerberosAuthenticator}} that allows 
fallback, I have to call the {{setAllowDefaultAuthToFallbackToPseudo}} method.  
However, once I add that call, if I also wanted to allow my code to be compiled 
against a previous version of Hadoop, it won't compile now.  The nice thing 
about having a property config to enable/disable this is that it doesn't 
breaking compiling.  In other words, it would be nice if I could set a property 
config to enable the fallback: this would allow the fallback going forward but 
still allow the code to work with earlier Hadoop versions (they would just 
ignore the property).

> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, 
> HADOOP-10895.003.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the 
> delegation token version coming in with HADOOP-10771 should have a flag to 
> disable fallback to pseudo, similarly to the one that was introduced in 
> Hadoop RPC client with HADOOP-9698.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to