----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33659/#review82002 -----------------------------------------------------------
docs/security.md <https://reviews.apache.org/r/33659/#comment132578> The only weird thing is that IniRealm handles both AUTHN and AUTHZ. So there's a potential misconfiguration: ``` -shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHZ -http_authentication_mechanism=BASIC ``` This will cause IniRealm to get passed UsernamePasswordCredentials from Basic auth (and thus perform authentication), with Kerberos completely dark. How would you feel about naming this INI_AUTHNZ with a TODO to create INI_AUTHN and INI_AUTHZ realms that will only participate in one stage? - Kevin Sweeney On April 28, 2015, 9:45 p.m., Bill Farner wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/33659/ > ----------------------------------------------------------- > > (Updated April 28, 2015, 9:45 p.m.) > > > Review request for Aurora and Kevin Sweeney. > > > Bugs: AURORA-1290 > https://issues.apache.org/jira/browse/AURORA-1290 > > > Repository: aurora > > > Description > ------- > > I initially went down the path of a custom `Parser` that extended > `ModuleParser`, but it turns out that doesn't work. Parsers are identified > by type, and a specific parser on the `@CmdLine` arg would have to > reimplement the guts of `SetParser`. As a result, i decided it was more sane > to bake the shorthand list in our canonical parser of modules. > > > Diffs > ----- > > docs/security.md db2e92495661800ef513334568810f16fcf513e1 > examples/vagrant/upstart/aurora-scheduler-kerberos.conf > ef502b7dcc48c716f71ab5ce920084917564f6ff > > src/main/java/org/apache/aurora/scheduler/http/api/security/ModuleParser.java > c96821683b4569977d6d2b8ed657b0625bdd1903 > > Diff: https://reviews.apache.org/r/33659/diff/ > > > Testing > ------- > > End-to-end tests pass. > > > Thanks, > > Bill Farner > >