[
https://issues.apache.org/jira/browse/HADOOP-11701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378643#comment-14378643
]
Chris Nauroth commented on HADOOP-11701:
----------------------------------------
Hi Yongjun. I think we'd want a client-specified policy that describes which
clusters for which it is willing to use fallback. One possible implementation
choice is a configuration property that contains a list of network addresses
(host + port) for which fallback is acceptable. This is nice for usability
too. A cluster administrator could put it into core-site.xml for all jobs to
use, and then users wouldn't need to specify
{{-Dipc.client.fallback-to-simple-auth-allowed=true}} manually on individual
jobs.
> RPC authentication fallback option should support enabling fallback only for
> specific connections.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-11701
> URL: https://issues.apache.org/jira/browse/HADOOP-11701
> Project: Hadoop Common
> Issue Type: Improvement
> Components: ipc, security
> Reporter: Chris Nauroth
>
> We currently support the {{ipc.client.fallback-to-simple-auth-allowed}}
> configuration property so that a client configured with security can fallback
> to simple authentication when communicating with an unsecured server. This
> is a global property that enables the fallback behavior for all RPC
> connections, even though fallback is only desirable for clusters that are
> known to be unsecured. This issue proposes to support configurability of
> fallback on specific connections, not all connections globally.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
