Thomas Tauber-Marshall created IMPALA-10381:
-----------------------------------------------
Summary: Fix overloading of --ldap_passwords_in_clear_ok
Key: IMPALA-10381
URL: https://issues.apache.org/jira/browse/IMPALA-10381
Project: IMPALA
Issue Type: Improvement
Affects Versions: Impala 4.0
Reporter: Thomas Tauber-Marshall
Assignee: Thomas Tauber-Marshall
The --ldap_passwords_in_clear_ok flag was originally intended to allow
configurations where Impala connects to LDAP without SSL, for testing purposes.
Since then, two other uses of the flag have been added: 1) for controlling
whether cookies include the 'Secure' attribute and 2) for controlling whether
the webserver allows LDAP auth to be enabled if SSL isn't.
Some use cases may prefer to control these values separately - for example, in
a Kubernetes environment there may be SSL termination that happens at the
ingress such that SSL isn't enabled on the webserver but its still safe to have
LDAP auth enabled, in which case the 'Secure' attribute is still desired for
cookies.
We should separate this out into 3 different flags. Because the flag was marked
'for testing only', I don't think this needs to be considered a breaking change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
