[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14254259#comment-14254259
]
Robert Kanter commented on HADOOP-10895:
----------------------------------------
Just to clarify one thing about Line A above: I don't remember the JIRA number,
but at one point that if statement also checked the HTTP header for an
AUTHORIZATION flag (or something like that), so that it would only pass when
using Kerberos. We had to remove that because Java hides that flag, so it
wasn't working right. I think one solution to this issue is to add a similar
condition to the if statement on Line A to only pass when using security; I'm
just not sure what check we can do for that.
> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Yongjun Zhang
> Priority: Blocker
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
> HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
> HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
> HADOOP-10895.008.patch, HADOOP-10895.009.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
