[
https://issues.apache.org/jira/browse/HADOOP-18704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17720575#comment-17720575
]
Bryan Beaudreault edited comment on HADOOP-18704 at 5/8/23 4:19 PM:
--------------------------------------------------------------------
I don't think it's feasible to hardcode the users in a config. There may be many
users in some environments, or operators may not know the full set at
configuration time. Also it's sort of pointless because in non-secure mode
someone can set their username to whatever they want.

I suppose I could see how one could have the perspective that the feature is
dangerous. From my perspective, it seems like anyone who enables it should know
what they're doing – it's useful as a one-time migration from non-secure to
secure and should be disabled afterward. In that sense it doesn't seem very
dangerous to me and in fact it's impractical that there is currently no way to
migrate to a secure mode without downtime.
was (Author: bbeaudreault):
I don't think it's feasible to hardcode the users in a config, and also it's sort
of pointless because in non-secure mode someone can set their username to
whatever they want.
> Support a "permissive" mode for secure clusters to allow "simple" auth clients
> ------------------------------------------------------------------------------
>
> Key: HADOOP-18704
> URL: https://issues.apache.org/jira/browse/HADOOP-18704
> Project: Hadoop Common
> Issue Type: New Feature
> Components: ipc, security
> Affects Versions: 3.4.0, 2.10.3, 3.2.5, 3.3.6
> Reporter: Ravi Kishore Valeti
> Priority: Major
>
> Similar to HBASE-14700, would like to add support for Secure Server to
> fall back to simple auth for non-secure clients.
> Secure Hadoop to support a permissive mode to allow mixed secure and insecure
> clients. This allows clients to be incrementally migrated over to a secure
> configuration. To enable clients to continue to connect using SIMPLE
> authentication when the cluster is configured for security, set
> "hadoop.ipc.server.fallback-to-simple-auth-allowed" equal to "true" in
> hdfs-site.xml. NOTE: This setting should ONLY be used as a temporary measure
> while converting clients over to secure authentication. It MUST BE DISABLED
> for secure operation.
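
The issue description says the permissive setting must be disabled once migration is finished. The following is an added example, not part of the original message or of Hadoop: a configuration audit that flags the setting when it is still enabled. The key name is taken from the description above; the sample XML is constructed, and treating an absent key as "false" is an assumption.

```python
import xml.etree.ElementTree as ET

# Key name as quoted in the issue description above.
FALLBACK_KEY = "hadoop.ipc.server.fallback-to-simple-auth-allowed"
# Standard Hadoop property selecting "simple" or "kerberos" authentication.
AUTH_KEY = "hadoop.security.authentication"

# Constructed sample files (not taken from any real cluster).
CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
</configuration>"""
HDFS_SITE_MIGRATING = """<configuration>
  <property>
    <name>hadoop.ipc.server.fallback-to-simple-auth-allowed</name>
    <value> TRUE </value>
  </property>
</configuration>"""
HDFS_SITE_DONE = """<configuration>
  <property>
    <name>hadoop.ipc.server.fallback-to-simple-auth-allowed</name>
    <value>false</value>
  </property>
</configuration>"""


def load_properties(*xml_docs):
    """Merge Hadoop *-site.xml documents; later files override earlier ones,
    except for properties already marked <final>true</final>."""
    merged, final = {}, set()
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if not name or name in final:
                continue
            merged[name] = (prop.findtext("value") or "").strip()
            if (prop.findtext("final") or "").strip().lower() == "true":
                final.add(name)
    return merged


def audit(props):
    """Return a finding string, or None when the configuration is acceptable."""
    secure = props.get(AUTH_KEY, "simple").lower() == "kerberos"
    # Assumption: an absent fallback key means the permissive mode is off.
    permissive = props.get(FALLBACK_KEY, "false").lower() == "true"
    if secure and permissive:
        return f"{FALLBACK_KEY}=true on a kerberos cluster: SIMPLE clients accepted"
    if permissive:
        return f"{FALLBACK_KEY}=true but {AUTH_KEY} is not kerberos"
    return None
```

Run `audit(load_properties(...))` over the site files in the order the cluster loads them, and treat any non-None result as a migration that has not been closed out.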