Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C73BA10064 for ; Sun, 2 Nov 2014 21:47:35 +0000 (UTC) Received: (qmail 87827 invoked by uid 500); 2 Nov 2014 21:47:35 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 87771 invoked by uid 500); 2 Nov 2014 21:47:35 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 87756 invoked by uid 99); 2 Nov 2014 21:47:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 02 Nov 2014 21:47:34 +0000 Date: Sun, 2 Nov 2014 21:47:34 +0000 (UTC) From: "Yongjun Zhang (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HADOOP-10895: ----------------------------------- Release Note: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property "ipc.client.fallback-to-simple-auth-allowed" to "true" to enable it. was: Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is supported by default. After the fix, user need to set configuration property "ipc.client.fallback-to-simple-auth-allowed" to "true" to enable the fallback. > HTTP KerberosAuthenticator fallback should have a flag to disable it > -------------------------------------------------------------------- > > Key: HADOOP-10895 > URL: https://issues.apache.org/jira/browse/HADOOP-10895 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.4.1 > Reporter: Alejandro Abdelnur > Assignee: Yongjun Zhang > Priority: Blocker > Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch, HADOOP-10895.004.patch > > > Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698. -- This message was sent by Atlassian JIRA (v6.3.4#6332)