hadoop-common-issues mailing list archives

From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10895) HTTP KerberosAuthenticator fallback should have a flag to disable it
Date Mon, 03 Nov 2014 06:17:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194292#comment-14194292 ]

Yongjun Zhang commented on HADOOP-10895:

BTW [~tucu00],  

My interpretation of creating a static object is to replace
private static Class<? extends Authenticator> DEFAULT_AUTHENTICATOR = KerberosAuthenticator.class;
in AuthenticatedURL with a real authenticator object, and create the object when setAllowFallback()
is called.

This means we need to remove the methods in AuthenticatedURL that set/get DEFAULT_AUTHENTICATOR.

Would you please confirm whether my interpretation is correct? And if we have to make the
interface change in AuthenticatedURL like this, is there any compatibility issue? 

Or did you mean we will need to keep the pre-existing DEFAULT_AUTHENTICATOR, and not touch
its accessor interface, but introduce a new static authenticator object to co-exist with DEFAULT_AUTHENTICATOR?

Actually rev3 tries to solve the problem along this direction. However, instead of creating
an authenticator object, rev3 introduced a boolean variable in AuthenticatedURL to indicate
whether the DEFAULT_AUTHENTICATOR to be created needs to allow fallback. So the interface to
set/get DEFAULT_AUTHENTICATOR is not touched in rev3.

Thanks a lot.

> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>                 Key: HADOOP-10895
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10895
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Yongjun Zhang
>            Priority: Blocker
>         Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch, HADOOP-10895.003.patch,
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the delegation token
> version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly
> to the one that was introduced in Hadoop RPC client with HADOOP-9698.

This message was sent by Atlassian JIRA
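
The rev3 direction described in the comment above, as an added sketch that is not part of the original message and is not Hadoop's code: the Class-typed default and its set/get accessors stay as they are, and a separate static boolean is applied when the default authenticator is instantiated. The classes are self-contained stand-ins that borrow names from the thread; the flag's default value, the `newDefault()` helper and the exception type are assumptions.

```java
// Added illustration: stand-in types, not the hadoop-auth classes.
public class FallbackFlagSketch {
    interface Authenticator { String authenticate(boolean serverOffersNegotiate); }

    static class PseudoAuthenticator implements Authenticator {
        public String authenticate(boolean serverOffersNegotiate) { return "pseudo"; }
    }

    static class KerberosAuthenticator implements Authenticator {
        private boolean allowFallback = true;   // assumed default: keep the old behaviour
        void setAllowFallback(boolean allow) { allowFallback = allow; }

        public String authenticate(boolean serverOffersNegotiate) {
            if (serverOffersNegotiate) return "kerberos";
            // With the flag off, a server that does not offer Negotiate is refused
            // instead of being sent an unauthenticated pseudo identity.
            if (!allowFallback) {
                throw new IllegalStateException("server did not offer Negotiate; fallback disabled");
            }
            return new PseudoAuthenticator().authenticate(false);
        }
    }

    static class AuthenticatedURL {
        private static Class<? extends Authenticator> DEFAULT_AUTHENTICATOR = KerberosAuthenticator.class;
        private static boolean allowFallback = true;   // the boolean described for rev3

        // Existing accessor interface, left untouched.
        static void setDefaultAuthenticator(Class<? extends Authenticator> c) { DEFAULT_AUTHENTICATOR = c; }
        static Class<? extends Authenticator> getDefaultAuthenticator() { return DEFAULT_AUTHENTICATOR; }

        static void setAllowFallback(boolean allow) { allowFallback = allow; }

        // Hypothetical helper: instantiate the default and push the flag into it.
        static Authenticator newDefault() throws ReflectiveOperationException {
            Authenticator a = DEFAULT_AUTHENTICATOR.getDeclaredConstructor().newInstance();
            if (a instanceof KerberosAuthenticator) {
                ((KerberosAuthenticator) a).setAllowFallback(allowFallback);
            }
            return a;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(AuthenticatedURL.newDefault().authenticate(false));
        AuthenticatedURL.setAllowFallback(false);
        try {
            AuthenticatedURL.newDefault().authenticate(false);
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```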
