[jira] [Commented] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it

Sun, 02 Nov 2014 22:18:13 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194292#comment-14194292
 ] 

Yongjun Zhang commented on HADOOP-10895:
----------------------------------------

BTW [~tucu00],  

My interpretation of creating a static object is to replace
{code}
private static Class<? extends Authenticator> DEFAULT_AUTHENTICATOR = 
KerberosAuthenticator.class;
{quote}
in AuthenticatedURLwith a real authenticator object, and create the obecject 
when setAllowFallback() is called.

This means we need to remove the methods in AuthenticatedURL that set/get 
DEFAULT_AUTHENTICATOR. 

Would you please confirm whether my interpretation is correct? And if we have 
to make the interface change in AuthenticatedURL like this, is there any 
compatibility issue? 

Or you meant we will need to keep the pre-existing DEFAULT_AUTHENTICATOR, and 
don't touch its accessor interface, but introduce a new static authenticator 
object to co-exist with DEFAULT_AUTHENTICATOR?

Actually rev3 tries to solve the problem along this direction. However,  
instead of creating an authenticator object, rev3  introduced a boolean 
variable in AuthenticatedURl to indicate whether the DEFAULT_AUTHENTICATOR to 
be created need to allow fallback. So the interface to set/get 
DEFAULT_AUTHENTICATOR is not touched in rev3.

Thanks a lot.




> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, 
> HADOOP-10895.003.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the 
> delegation token version coming in with HADOOP-10771 should have a flag to 
> disable fallback to pseudo, similarly to the one that was introduced in 
> Hadoop RPC client with HADOOP-9698.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to