[jira] [Commented] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it

Sun, 02 Nov 2014 20:13:08 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194230#comment-14194230
 ] 

Yongjun Zhang commented on HADOOP-10895:
----------------------------------------

HI [~hitliuyi],

Thanks a lot for your review and comments!  I agree with you that though this 
jira looks simple but it's kind of tricky.

I think rev3 is quite close to what you suggested. When I tried to address 
Robert's comments (especially comment #4), I came up with the idea of enforcing 
user to pass an authenticator to AuthenticatedUR (in rev4), because I thought 
if a client need to solve the issue here, the client code need to be changed 
anyways. But I agree with you that keeping the old interface is likely better.

I think going with the approach in rev3 works with me too. Would you comment on 
rev3 if you have time? I will look into improving rev3 to address both Robert's 
and your comments.

Hi [~rkanter], thanks for your earlier comments. About your comment #4 of using 
property, the problem is that we need a way to communicate the property to 
AuthenticatedURL etc, which we don't have interface to do so. Thus it appears 
to me that it's unavoidable to add new interface (rev3) or enforcing user to 
pass an authenticator object (rev4). But I will discuss with you about it.

Thanks again!



> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, 
> HADOOP-10895.003.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the 
> delegation token version coming in with HADOOP-10771 should have a flag to 
> disable fallback to pseudo, similarly to the one that was introduced in 
> Hadoop RPC client with HADOOP-9698.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to