[
https://issues.apache.org/jira/browse/HADOOP-10391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13923240#comment-13923240
]
Daryn Sharp commented on HADOOP-10391:
--------------------------------------
Agreed - since I was the one who asked Benoy to enforce valid values. :) With
the former defaulting unknown values to auth, it meant a typo would silently
downgrade security from what was intended.
Rather than bend hadoop to conform to an invalid setting that "worked",
wouldn't it be easier to just fix the conf? It's a bit of a rabbit hole to add
"compatibility" for specific cases of bad behavior. You should be able to just
remove the config key on the insecure clusters.
> HADOOP-10211 change for comma-separated list of QOP values broke
> backwards-compatibility with existing configs.
> ---------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10391
> URL: https://issues.apache.org/jira/browse/HADOOP-10391
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.0
> Reporter: Chris Nauroth
> Priority: Blocker
>
> HADOOP-10211 changed parsing of QOP values to support a comma-separated list.
> This change accidentally broke backwards-compatibility with existing
> configs. Previously, an unrecognized value caused it to default to
> authentication. Now, an unrecognized value causes
> {{IllegalArgumentException}}. Some deployments had been using a value of
> "none" in insecure clusters, so the change would break those existing
> deployments.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
