hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
Date Tue, 04 Nov 2014 21:35:35 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196866#comment-14196866
] 

Yongjun Zhang commented on HADOOP-10895:
----------------------------------------

Hi Guys, 

If we make the default constructor of KerberosAuthenticator and KerberosDelegationTokenAuthenticator
to apply the static boolean allowDefaultAuthToFallbackToPseudo in KerberosAuthenticator, then
we can continue to use the {{DEFAULT_AUTHENTICATOR.newInstance()}} call in class AuthenticatedURL
and DelegationTokenAuthenticatedURL, and it would look cleaner.
E.g., change
{code}
 public KerberosAuthenticator() {
    this(false);
  }
{code}
to
{code}
 public KerberosAuthenticator() {
    this(allowDefaultAuthToFallbackToPseudo);
 }
{code}
The suggested {{getDefaultAuthenticatorInstance()}} method would simply be {{DEFAULT_AUTHENTICATOR.newInstance()}}
.


> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch,
HADOOP-10895.003v1.patch, HADOOP-10895.003v2.patch, HADOOP-10895.003v2improved.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token
version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly
to the one that was introduced in Hadoop RPC client with HADOOP-9698.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message