[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14195872#comment-14195872
]
Yongjun Zhang commented on HADOOP-10895:
----------------------------------------
HI Guys,
Thanks a lot for the review/feedback/discussion so far.
HI [~tucu00],
To address yours comments, I uploaded a slightly modified version of rev3
(rev3v1) with a {{getDefaultAuthenticatorInstance}} method.
About your suggestion,
{quote}
IMO, the fallback is a concern of the {{KerberosAuthenticator}}, not of the
{{AuthenticatedURL}}.
I would add the methods, both static and instance versions, to the
KerberosAuthenticator, and instance version to the
DelegationTokenKerberosAuthenticator (the static version will feed from the
KerberosAuthenticator.
{quote}
I agree that only {{KerberosAuthenticator}} and
{{DelegationTokenKerberosAuthenticator}} are relevant here. Please notice that
in rev3 all the authenticator types have the instance interface (see
Authenticator.java) in rev3. The remaining thing that I would like to discuss
a bit more is about where to put the static version interface.
Assume that we put the static interface to the two classes
{{KerberosAuthenticator}} and {{DelegationTokenKerberosAuthenticator}}. The
type of the default authenticator in AuthenticatedURL (and
DelegationTokenAuthenticatedURL) may or may not be these two
classes because the client code is allowed to set the default authenticator
type. That means, when AuthenticatedURL create a default authenticator, it need
to check the type of the authenticator and do things differently for different
types, I'm worried that this may not be that clean. So I haven't done this yet.
I intend to use patch rev3v1 for further discussion. Many thanks for taking a
look and comment again.
> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Yongjun Zhang
> Priority: Blocker
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
