[
https://issues.apache.org/jira/browse/IMPALA-10381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Tauber-Marshall resolved IMPALA-10381.
---------------------------------------------
Resolution: Fixed
> Fix overloading of --ldap_passwords_in_clear_ok
> -----------------------------------------------
>
> Key: IMPALA-10381
> URL: https://issues.apache.org/jira/browse/IMPALA-10381
> Project: IMPALA
> Issue Type: Improvement
> Affects Versions: Impala 4.0
> Reporter: Thomas Tauber-Marshall
> Assignee: Thomas Tauber-Marshall
> Priority: Major
>
> The --ldap_passwords_in_clear_ok flag was originally intended to allow
> configurations where Impala connects to LDAP without SSL, for testing
> purposes.
> Since then, two other uses of the flag have been added: 1) for controlling
> whether cookies include the 'Secure' attribute and 2) for controlling whether
> the webserver allows LDAP auth to be enabled if SSL isn't.
> Some use cases may prefer to control these values separately - for example,
> in a Kubernetes environment there may be SSL termination that happens at the
> ingress such that SSL isn't enabled on the webserver but its still safe to
> have LDAP auth enabled, in which case the 'Secure' attribute is still desired
> for cookies.
> We should separate this out into 3 different flags. Because the flag was
> marked 'for testing only', I don't think this needs to be considered a
> breaking change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
