Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10895

HTTP KerberosAuthenticator fallback should have a flag to disable it

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.4.1
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change
    • Release Note:
      Hide
      Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property "ipc.client.fallback-to-simple-auth-allowed" to "true" to enable it. Application may also call KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at initialization time to change the default to true, or uses the non-default constructors of KerberosAuthenticator and KerberosDelegationTokenAuthenticator to change the per-authenticator setting.
      Show
      Prior to this fix, the fallback from kerberos authenticator to pseudo authenticator is enabled as hardcoded. After the fix, the fallback is disabled by default, and user need to set configuration property "ipc.client.fallback-to-simple-auth-allowed" to "true" to enable it. Application may also call KerberosAuthenticator.setAllowFallbackToPseudoAuthDefault(true) at initialization time to change the default to true, or uses the non-default constructors of KerberosAuthenticator and KerberosDelegationTokenAuthenticator to change the per-authenticator setting.

      Description

      Per review feedback in HADOOP-10771, KerberosAuthenticator and the delegation token version coming in with HADOOP-10771 should have a flag to disable fallback to pseudo, similarly to the one that was introduced in Hadoop RPC client with HADOOP-9698.

        Attachments

        1. HADOOP-10895.001.patch
          41 kB
          Yongjun Zhang
        2. HADOOP-10895.002.patch
          41 kB
          Yongjun Zhang
        3. HADOOP-10895.003.patch
          51 kB
          Yongjun Zhang
        4. HADOOP-10895.003v1.patch
          49 kB
          Yongjun Zhang
        5. HADOOP-10895.003v2.patch
          52 kB
          Yongjun Zhang
        6. HADOOP-10895.003v2improved.patch
          49 kB
          Yongjun Zhang
        7. HADOOP-10895.004.patch
          65 kB
          Yongjun Zhang
        8. HADOOP-10895.005.patch
          43 kB
          Yongjun Zhang
        9. HADOOP-10895.006.patch
          52 kB
          Yongjun Zhang
        10. HADOOP-10895.007.patch
          49 kB
          Yongjun Zhang
        11. HADOOP-10895.008.patch
          53 kB
          Yongjun Zhang
        12. HADOOP-10895.009.patch
          53 kB
          Yongjun Zhang

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tucu00 Alejandro Abdelnur
              • Votes:
                0 Vote for this issue
                Watchers:
                16 Start watching this issue

                Dates

                • Created:
                  Updated: