[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194710#comment-14194710 ]
Yongjun Zhang commented on HADOOP-10895:
----------------------------------------

A further thought, we are not removing pre-existing DEFAULT_AUTHENTICATOR related interface to be safe,

* rev3 approach is to have a static boolean member in AuthenticatedURL to remember whether fallback is supported (set by method {{AuthenticatedURL#setAllowDefaultAuthToFallbackToPseudo}}), and apply it when creating an authenticator if the client doesn't pass one. The authenticator created here is dynamic instead of static.
* the suggested change is to create a static authenticator when {{AuthenticatedURL#setAllowDefaultAuthToFallbackToPseudo}} is called. A static authenticator of type DEFAULT_AUTHENTICATOR is created here. Notice that when {{AuthenticatedURL#setDefaultAuthenticator}} is called, the value of DEFAULT_AUTHENTICATOR is reset, so we need to create the static authenticator object again even if it was created already.

So the new suggested change is essentially the same as rev3 from client side point of view. The difference is when to create the object and whether we create dynamic or static default authenticator object, which is transparent to client.

Thanks.

> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
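
The two variants compared in the comment above, as an added example that is not part of the original message or of Hadoop's code: a simplified Java model in which `DefaultAuthenticatorModel`, `Auth`, `setAllowFallback`, `dynamicDefault` and `staticDefault` are hypothetical stand-ins, authenticator types are plain strings, and the initial flag value is an assumption. It checks that a client sees the same default authenticator either way, provided the static instance is rebuilt whenever either setter runs.

```java
/** Hypothetical model of the two designs; not Hadoop's AuthenticatedURL. */
public class DefaultAuthenticatorModel {
    /** Stand-in for an authenticator that may fall back to pseudo auth. */
    static final class Auth {
        final String type;
        final boolean fallbackAllowed;
        Auth(String type, boolean fallbackAllowed) {
            this.type = type;
            this.fallbackAllowed = fallbackAllowed;
        }
    }

    static String defaultType = "kerberos";  // models DEFAULT_AUTHENTICATOR
    static boolean allowFallback = false;    // models the fallback flag (initial value assumed)
    static Auth cached = new Auth(defaultType, allowFallback); // used by the static variant only

    // Models setDefaultAuthenticator: the default type is reset, so the
    // cached static instance must be rebuilt or it keeps the old type.
    static void setDefaultAuthenticator(String type) {
        defaultType = type;
        cached = new Auth(defaultType, allowFallback);
    }

    // Models setAllowDefaultAuthToFallbackToPseudo.
    static void setAllowFallback(boolean allow) {
        allowFallback = allow;
        cached = new Auth(defaultType, allowFallback);
    }

    // rev3 variant: build the default authenticator on demand from the flag.
    static Auth dynamicDefault() { return new Auth(defaultType, allowFallback); }

    // Suggested variant: hand out the static instance built by the setters.
    static Auth staticDefault() { return cached; }

    static void check(String step) {
        Auth a = dynamicDefault(), b = staticDefault();
        if (!a.type.equals(b.type) || a.fallbackAllowed != b.fallbackAllowed)
            throw new IllegalStateException("variants diverge after " + step);
        System.out.println(step + ": type=" + b.type + " fallback=" + b.fallbackAllowed);
    }

    public static void main(String[] args) {
        check("initial");
        setAllowFallback(true);            check("setAllowFallback(true)");
        setDefaultAuthenticator("pseudo"); check("setDefaultAuthenticator");
        setAllowFallback(false);           check("setAllowFallback(false)");
    }
}
```

Removing the rebuild line from `setDefaultAuthenticator` makes the third check throw, which is the stale-instance case the comment warns about.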