joshelser commented on a change in pull request #884: HBASE-23347 Allowable
custom authentication methods for RPCs
URL: https://github.com/apache/hbase/pull/884#discussion_r353874097
##########
File path:
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java
##########
@@ -762,18 +748,17 @@ protected final boolean processPreamble(ByteBuffer
preambleBuffer) throws IOExce
return false;
}
}
- if (!this.rpcServer.isSecurityEnabled && authMethod != AuthMethod.SIMPLE) {
- doRawSaslReply(SaslStatus.SUCCESS, new
IntWritable(SaslUtil.SWITCH_TO_SIMPLE_AUTH), null,
- null);
- authMethod = AuthMethod.SIMPLE;
- // client has already sent the initial Sasl message and we
- // should ignore it. Both client and server should fall back
- // to simple auth from now on.
- skipInitialSaslHandshake = true;
- }
- if (authMethod != AuthMethod.SIMPLE) {
- useSasl = true;
- }
+ // TODO can we remove this fallback? Is this even a good idea?
Review comment:
Hmm that'd be great (if that fallback was off by default). Lemme check.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
