[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196866#comment-14196866
]
Yongjun Zhang commented on HADOOP-10895:
----------------------------------------
Hi Guys,
If we make the default constructor of KerberosAuthenticator and
KerberosDelegationTokenAuthenticator to apply the static boolean
allowDefaultAuthToFallbackToPseudo in KerberosAuthenticator, then we can
continue to use the {{DEFAULT_AUTHENTICATOR.newInstance()}} call in class
AuthenticatedURL and DelegationTokenAuthenticatedURL, and it would look cleaner.
E.g., change
{code}
public KerberosAuthenticator() {
this(false);
}
{code}
to
{code}
public KerberosAuthenticator() {
this(allowDefaultAuthToFallbackToPseudo);
}
{code}
The suggested {{getDefaultAuthenticatorInstance()}} method would simply be
{{DEFAULT_AUTHENTICATOR.newInstance()}} .
> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Yongjun Zhang
> Priority: Blocker
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
> HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
