[ https://issues.apache.org/jira/browse/HADOOP-11701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378643#comment-14378643 ]
Chris Nauroth commented on HADOOP-11701: ---------------------------------------- Hi Yongjun. I think we'd want a client-specified policy that describes which clusters for which it is willing to use fallback. One possible implementation choice is a configuration property that contains a list of network addresses (host + port) for which fallback is acceptable. This is nice for usability too. A cluster administrator could put it into core-site.xml for all jobs to use, and then users wouldn't need to specify {{-Dipc.client.fallback-to-simple-auth-allowed=true}} manually on individual jobs. > RPC authentication fallback option should support enabling fallback only for > specific connections. > -------------------------------------------------------------------------------------------------- > > Key: HADOOP-11701 > URL: https://issues.apache.org/jira/browse/HADOOP-11701 > Project: Hadoop Common > Issue Type: Improvement > Components: ipc, security > Reporter: Chris Nauroth > > We currently support the {{ipc.client.fallback-to-simple-auth-allowed}} > configuration property so that a client configured with security can fallback > to simple authentication when communicating with an unsecured server. This > is a global property that enables the fallback behavior for all RPC > connections, even though fallback is only desirable for clusters that are > known to be unsecured. This issue proposes to support configurability of > fallback on specific connections, not all connections globally. -- This message was sent by Atlassian JIRA (v6.3.4#6332)