[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Wang updated HADOOP-10895:
-
Target Version/s: (was: )
Status: Open (was: Patch Available)
I'm downgrading this to just "Critical" since it seems like there's no one
actively working on it.
> HTTP KerberosAuthenticator fallback should have a flag to disable it
>
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
>Affects Versions: 2.4.1
>Reporter: Alejandro Abdelnur
>Assignee: Yongjun Zhang
>Priority: Critical
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
> HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
> HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
> HADOOP-10895.008.patch, HADOOP-10895.009.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Wang updated HADOOP-10895:
-
Priority: Critical (was: Blocker)
> HTTP KerberosAuthenticator fallback should have a flag to disable it
>
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
>Affects Versions: 2.4.1
>Reporter: Alejandro Abdelnur
>Assignee: Yongjun Zhang
>Priority: Critical
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
> HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
> HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
> HADOOP-10895.008.patch, HADOOP-10895.009.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HADOOP-10895:
--
Target Version/s: 3.0.0 (was: 2.8.0)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HADOOP-10895:
--
Labels: (was: BB2015-05-TBR)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HADOOP-10895:
--
Labels: BB2015-05-TBR (was: )
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Labels: BB2015-05-TBR
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kumar Vavilapalli updated HADOOP-10895:
-
Target Version/s: 2.8.0 (was: 2.7.0)
Tx for the response [~yzhangal]. Moving this out to 2.8. while we discuss more.
I'll spend more time on this a bit later, but [~yzhangal], can you in the mean
while work with others to see if it *needs* to be an incompatible change?
Thanks.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.009.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Release Note:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is enabled as hardcoded. After the fix, the fallback is disabled
by default, and user need to set configuration property
ipc.client.fallback-to-simple-auth-allowed to true to enable it.
Application may also call
KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at
initialization time to change the default to true, or uses the non-default
constructor of KerberosAuthenticator and KerberosDelegationTokenAuthenticator
to change the per-authenticator setting.
was:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is enabled as hardcoded. After the fix, the fallback is disabled
by default, and user need to set configuration property
ipc.client.fallback-to-simple-auth-allowed to true to enable it.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Release Note:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is enabled as hardcoded. After the fix, the fallback is disabled
by default, and user need to set configuration property
ipc.client.fallback-to-simple-auth-allowed to true to enable it.
Application may also call
KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at
initialization time to change the default to true, or uses the non-default
constructors of KerberosAuthenticator and KerberosDelegationTokenAuthenticator
to change the per-authenticator setting.
was:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is enabled as hardcoded. After the fix, the fallback is disabled
by default, and user need to set configuration property
ipc.client.fallback-to-simple-auth-allowed to true to enable it.
Application may also call
KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at
initialization time to change the default to true, or uses the non-default
constructor of KerberosAuthenticator and KerberosDelegationTokenAuthenticator
to change the per-authenticator setting.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch, HADOOP-10895.009.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arun C Murthy updated HADOOP-10895:
---
Target Version/s: 2.7.0 (was: 2.6.0)
Thanks for your patience and understanding [~yzhangal]... not to mention your
contributions, please keep them coming.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.008.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: (was: HADOOP-10895.008.patch)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.008.patch
Updated rev008 to address the javadoc warning.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch,
HADOOP-10895.008.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.006.patch
Uploaded rev 006, with two improvements on top of 005:
* Added and improved some javadocs
* Separate testcases that need fallback from those don't, and config them
separately.
Thanks.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.007.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.003v2.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.003v2improved.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: (was: HADOOP-10895.003v2improved.patch)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.003v2improved.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.005.patch
Uploaded rev 005 per the last comment I made (I made the default constructor
to use the static setting of fallback).
The other revs I submitted earlier today were kind of for discussion purpose. I
think the latest one (005) is cleaner. I'd appreciate that you guys can help
with another round of review.
Thanks a lot.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yi Liu updated HADOOP-10895:
Assignee: Yongjun Zhang (was: Yi Liu)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch,
HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch,
HADOOP-10895.005.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.003v1.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: (was: HADOOP-10895.004.patch)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.004.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Release Note:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is enabled as hardcoded. After the fix, the fallback is disabled
by default, and user need to set configuration property
ipc.client.fallback-to-simple-auth-allowed to true to enable it.
was:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is supported by default. After the fix, user need to set
configuration property ipc.client.fallback-to-simple-auth-allowed to true
to enable the fallback.
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch, HADOOP-10895.004.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Labels: incompatibleChange (was: )
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Labels: incompatibleChange
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Release Note:
Prior to this fix, the fallback from kerberos authenticator to pseudo
authenticator is supported by default. After the fix, user need to set
configuration property ipc.client.fallback-to-simple-auth-allowed to true
to enable the fallback.
Hadoop Flags: Incompatible change
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Labels: (was: incompatibleChange)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.002.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.003.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
HADOOP-10895.003.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Status: Patch Available (was: Open)
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HADOOP-10895:
---
Attachment: HADOOP-10895.001.patch
HTTP KerberosAuthenticator fallback should have a flag to disable it
Key: HADOOP-10895
URL: https://issues.apache.org/jira/browse/HADOOP-10895
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Alejandro Abdelnur
Assignee: Yongjun Zhang
Priority: Blocker
Attachments: HADOOP-10895.001.patch
Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
delegation token version coming in with HADOOP-10771 should have a flag to
disable fallback to pseudo, similarly to the one that was introduced in
Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
