[
https://issues.apache.org/jira/browse/HADOOP-11701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14377295#comment-14377295
]
Yongjun Zhang commented on HADOOP-11701:
----------------------------------------
Hi [~cnauroth],
Thanks for creating this jira. I have a question, with HDFS-6776 fix, insecure
cluster would return null delegation token and secure cluster will return
non-null delegation token. The fallback may happen only for null delegation
token, which means insecure cluster only. So whether a token is null here serve
the purpose of distinguishing between cluster that we want to fallback and the
other cluster that we don't. Is that not sufficient? Thanks.
> RPC authentication fallback option should support enabling fallback only for
> specific connections.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-11701
> URL: https://issues.apache.org/jira/browse/HADOOP-11701
> Project: Hadoop Common
> Issue Type: Improvement
> Components: ipc, security
> Reporter: Chris Nauroth
>
> We currently support the {{ipc.client.fallback-to-simple-auth-allowed}}
> configuration property so that a client configured with security can fallback
> to simple authentication when communicating with an unsecured server. This
> is a global property that enables the fallback behavior for all RPC
> connections, even though fallback is only desirable for clusters that are
> known to be unsecured. This issue proposes to support configurability of
> fallback on specific connections, not all connections globally.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
