[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14195295#comment-14195295 ]
Robert Kanter commented on HADOOP-10895:
----------------------------------------

I discussed this with [~yzhangal] and he showed me the security issue at that link from ATM's comment. If my understanding is correct, the problem with allowing fallback is that a man-in-the-middle attack could trick the client into giving it information without needing Kerberos credentials.

For example, if a malicious fake NameNode somehow tricked a client into talking to it instead of the real NameNode, it normally would have a problem because it would have to get valid Kerberos credentials to actually talk to the client. However, with the fallback enabled, it could trick the client into falling back to pseudo auth, where it could then continue talking to the client and get potentially sensitive information from it (e.g. you're trying to upload a file with social security numbers in it or something).

In that case, we should disable this and we'll just have to break compatibility. Projects depending on the fallback behavior will have to update their code to enable it, or decide that they don't want to allow the fallback anymore.

> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
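The fallback decision described in the comment above, as an added, constructed model written for this page (it is not Hadoop's KerberosAuthenticator code, and the server stand-ins, URLs and user name are assumptions): a client that does SPNEGO when the server challenges for it and otherwise falls back to pseudo auth only if the flag allows it. With fallback enabled, a peer that never issues a Negotiate challenge still gets the client to identify itself and continue the session; with fallback disabled the client refuses.

```python
"""Constructed model of the Kerberos-to-pseudo fallback; not Hadoop's code."""


class AuthenticationException(Exception):
    pass


def kerberos_server(url, headers):
    """Stand-in for the real NameNode's HTTP endpoint: it demands SPNEGO."""
    if headers.get("Authorization", "").startswith("Negotiate "):
        return 200, {}, "listing"
    return 401, {"WWW-Authenticate": "Negotiate"}, ""


class Impostor:
    """Stand-in for the fake NameNode from the comment: it holds no Kerberos keys,
    so it never challenges for Negotiate; it accepts anything and records the URLs
    the client sends (including any user.name the client volunteers)."""

    def __init__(self):
        self.received = []

    def __call__(self, url, headers):
        self.received.append(url)
        return 200, {}, "listing"


def authenticate(server, base_url, user, allow_fallback):
    """Client side (assumption, modelled on the behaviour the issue describes):
    SPNEGO when the server challenges for it, otherwise pseudo auth carrying
    user.name in the query string if fallback is allowed. Returns the scheme used."""
    status, headers, _ = server(base_url, {})
    if status == 401 and headers.get("WWW-Authenticate", "").startswith("Negotiate"):
        # Real flow: a GSS token bound to the service principal goes here (simulated).
        status, _, _ = server(base_url, {"Authorization": "Negotiate <gss-token>"})
        if status != 200:
            raise AuthenticationException("SPNEGO exchange failed")
        return "kerberos"
    if not allow_fallback:
        # The flag HADOOP-10895 adds: no challenge means we stop, not downgrade.
        raise AuthenticationException(
            "server issued no Negotiate challenge; pseudo fallback is disabled")
    # Pseudo auth proves nothing: the client simply asserts a user name to the peer.
    server(f"{base_url}?user.name={user}", {})
    return "pseudo"


if __name__ == "__main__":
    imp = Impostor()
    print(authenticate(kerberos_server, "http://nn:50070/webhdfs/v1/", "alice", False))
    print(authenticate(imp, "http://rogue:50070/webhdfs/v1/", "alice", True), imp.received)
```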