[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194182#comment-14194182 ]
Yi Liu commented on HADOOP-10895: --------------------------------- Hi [~yzhangal], your patch has a big impact, and my suggestion is to make it small. Also I would like to hear other committers' comments, since it looks simple, but trick. * I see you remove existing APIs/Constructor from AuthenticatedURL.java and DelegationTokenAuthenticatedURL.java, it's not a good practice. It will break others who are using {{hadoop-auth}} * we don't need get fallback for Authenticator, and only need set {code} public void setAllowFallback(boolean allowFallback); {code} * I suggest only add a simple method to AuthenticatedURL, and no need change for DelegationTokenAuthenticatedURL {code} public void setAllowAuthenticatorFallback(boolean allowFallback) { authenticator.setAllowFallback(allowFallback); } {code} * Other places just need to call {{setAllowAuthenticatorFallback}} of AuthenticatedURL or {{setAllowFallback}} of Authenticator. Then it's more simpler. > HTTP KerberosAuthenticator fallback should have a flag to disable it > -------------------------------------------------------------------- > > Key: HADOOP-10895 > URL: https://issues.apache.org/jira/browse/HADOOP-10895 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.4.1 > Reporter: Alejandro Abdelnur > Assignee: Yongjun Zhang > Priority: Blocker > Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, > HADOOP-10895.003.patch, HADOOP-10895.004.patch > > > Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the > delegation token version coming in with HADOOP-10771 should have a flag to > disable fallback to pseudo, similarly to the one that was introduced in > Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)