[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrew Wang updated HADOOP-10895: - Target Version/s: (was: ) Status: Open (was: Patch Available) I'm downgrading this to just "Critical" since it seems like there's no one actively working on it. > HTTP KerberosAuthenticator fallback should have a flag to disable it > > > Key: HADOOP-10895 > URL: https://issues.apache.org/jira/browse/HADOOP-10895 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.4.1 >Reporter: Alejandro Abdelnur >Assignee: Yongjun Zhang >Priority: Critical > Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, > HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, > HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, > HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, > HADOOP-10895.008.patch, HADOOP-10895.009.patch > > > Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the > delegation token version coming in with HADOOP-10771 should have a flag to > disable fallback to pseudo, similarly to the one that was introduced in > Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrew Wang updated HADOOP-10895: - Priority: Critical (was: Blocker) > HTTP KerberosAuthenticator fallback should have a flag to disable it > > > Key: HADOOP-10895 > URL: https://issues.apache.org/jira/browse/HADOOP-10895 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.4.1 >Reporter: Alejandro Abdelnur >Assignee: Yongjun Zhang >Priority: Critical > Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, > HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, > HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, > HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, > HADOOP-10895.008.patch, HADOOP-10895.009.patch > > > Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the > delegation token version coming in with HADOOP-10771 should have a flag to > disable fallback to pseudo, similarly to the one that was introduced in > Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated HADOOP-10895: -- Target Version/s: 3.0.0 (was: 2.8.0) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated HADOOP-10895: -- Labels: (was: BB2015-05-TBR) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated HADOOP-10895: -- Labels: BB2015-05-TBR (was: ) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Labels: BB2015-05-TBR Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated HADOOP-10895: - Target Version/s: 2.8.0 (was: 2.7.0) Tx for the response [~yzhangal]. Moving this out to 2.8. while we discuss more. I'll spend more time on this a bit later, but [~yzhangal], can you in the mean while work with others to see if it *needs* to be an incompatible change? Thanks. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.009.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Release Note: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable it. Application may also call KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at initialization time to change the default to true, or uses the non-default constructor of KerberosAuthenticator and KerberosDelegationTokenAuthenticator to change the per-authenticator setting. was: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable it. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Release Note: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable it. Application may also call KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at initialization time to change the default to true, or uses the non-default constructors of KerberosAuthenticator and KerberosDelegationTokenAuthenticator to change the per-authenticator setting. was: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable it. Application may also call KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at initialization time to change the default to true, or uses the non-default constructor of KerberosAuthenticator and KerberosDelegationTokenAuthenticator to change the per-authenticator setting. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch, HADOOP-10895.009.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arun C Murthy updated HADOOP-10895: --- Target Version/s: 2.7.0 (was: 2.6.0) Thanks for your patience and understanding [~yzhangal]... not to mention your contributions, please keep them coming. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.008.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: (was: HADOOP-10895.008.patch) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.008.patch Updated rev008 to address the javadoc warning. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch, HADOOP-10895.008.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.006.patch Uploaded rev 006, with two improvements on top of 005: * Added and improved some javadocs * Separate testcases that need fallback from those don't, and config them separately. Thanks. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.007.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch, HADOOP-10895.006.patch, HADOOP-10895.007.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.003v2.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.003v2improved.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: (was: HADOOP-10895.003v2improved.patch) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.003v2improved.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.005.patch Uploaded rev 005 per the last comment I made (I made the default constructor to use the static setting of fallback). The other revs I submitted earlier today were kind of for discussion purpose. I think the latest one (005) is cleaner. I'd appreciate that you guys can help with another round of review. Thanks a lot. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yi Liu updated HADOOP-10895: Assignee: Yongjun Zhang (was: Yi Liu) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch, HADOOP-10895.005.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.003v1.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.003v1.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: (was: HADOOP-10895.004.patch) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.004.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Release Note: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable it. was: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is supported by default. After the fix, user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable the fallback. HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.004.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Labels: incompatibleChange (was: ) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Labels: incompatibleChange Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Release Note: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is supported by default. After the fix, user need to set configuration property ipc.client.fallback-to-simple-auth-allowed to true to enable the fallback. Hadoop Flags: Incompatible change HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Labels: (was: incompatibleChange) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.002.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.003.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Status: Patch Available (was: Open) HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
[ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: --- Attachment: HADOOP-10895.001.patch HTTP KerberosAuthenticator fallback should have a flag to disable it Key: HADOOP-10895 URL: https://issues.apache.org/jira/browse/HADOOP-10895 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.4.1 Reporter: Alejandro Abdelnur Assignee: Yongjun Zhang Priority: Blocker Attachments: HADOOP-10895.001.patch Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)