hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11701) RPC authentication fallback option should support enabling fallback only for specific connections.
Date Tue, 10 Mar 2015 20:55:38 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14355687#comment-14355687
] 

Chris Nauroth commented on HADOOP-11701:
----------------------------------------

The typical use case for RPC authentication fallback is a {{distcp}} from source unsecured
cluster A to destination secured cluster B.  When {{ipc.client.fallback-to-simple-auth-allowed}}
is enabled, the RPC client code allows fallback for connections to both A and B.  It would
be better if we gave users a way to specify that fallback is only enabled for A.

> RPC authentication fallback option should support enabling fallback only for specific
connections.
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11701
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Chris Nauroth
>
> We currently support the {{ipc.client.fallback-to-simple-auth-allowed}} configuration
property so that a client configured with security can fallback to simple authentication when
communicating with an unsecured server.  This is a global property that enables the fallback
behavior for all RPC connections, even though fallback is only desirable for clusters that
are known to be unsecured.  This issue proposes to support configurability of fallback on
specific connections, not all connections globally.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message