> On 2011-11-24 01:42:37, Angelo K. Huang wrote: > > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92 > > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92> > > > > We should let user decide what kind of auth he/she wants to use. Ex. > > > > -auth simple > > -auth kerberos > > Alejandro Abdelnur wrote: > The client does not decide the authentication of the server. > > For example, out of the box the client handles both kerberos and simple > and it will do what the server responds. > > If you see the KerberosAuthenticator implementation delegates to the > SimpleAuthenticator. > > If you have a custom mechanism you could do the same, delegating to > KerberosAuthenticator which in turn will delegate to SimpleAuthenticator. > >
Actually, there is one case which could be tricky to implement. If I want to implement one password authenticator which allow users type their unix password, according to what you described above, this authenticator has to delegate to kerberos authenticator. That means a user has to always type password first and then fall back to kerberos even he/she intents to use kerberos in the beginning. What if the password auth also allows users to retype three times? If a user intents to use kerberos, he/she has to type three times of wrong password to make it failed and then fall back to kerberos. - Angelo K. ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3498 ----------------------------------------------------------- On 2011-11-24 16:45:59, Alejandro Abdelnur wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/2875/ > ----------------------------------------------------------- > > (Updated 2011-11-24 16:45:59) > > > Review request for oozie. > > > Summary > ------- > > Using hadoop-auth (Alfredo) 0.23.0. > > Currently using SNAPSHOT because 0.23.0 artifacts have not be published to > Apache Maven repo yet. > > > This addresses bug OOZIE-77. > https://issues.apache.org/jira/browse/OOZIE-77 > > > Diffs > ----- > > /trunk/client/pom.xml 1205923 > /trunk/client/src/main/bin/oozie 1205923 > /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 > /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java > PRE-CREATION > /trunk/core/pom.xml 1205923 > /trunk/core/src/main/conf/oozie-log4j.properties 1205923 > /trunk/core/src/main/conf/oozie-site.xml 1205923 > /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java > PRE-CREATION > /trunk/core/src/main/resources/oozie-default.xml 1205923 > /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java > 1205923 > > /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java > PRE-CREATION > /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 > /trunk/pom.xml 1205923 > /trunk/webapp/pom.xml 1205923 > /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 > > Diff: https://reviews.apache.org/r/2875/diff > > > Testing > ------- > > > Thanks, > > Alejandro > >
