You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Thomas Tauber-Marshall (Jira)" <ji...@apache.org> on 2020/12/07 22:29:00 UTC

[jira] [Created] (IMPALA-10381) Fix overloading of --ldap_passwords_in_clear_ok

Thomas Tauber-Marshall created IMPALA-10381:
-----------------------------------------------

             Summary: Fix overloading of --ldap_passwords_in_clear_ok
                 Key: IMPALA-10381
                 URL: https://issues.apache.org/jira/browse/IMPALA-10381
             Project: IMPALA
          Issue Type: Improvement
    Affects Versions: Impala 4.0
            Reporter: Thomas Tauber-Marshall
            Assignee: Thomas Tauber-Marshall


The --ldap_passwords_in_clear_ok flag was originally intended to allow configurations where Impala connects to LDAP without SSL, for testing purposes.

Since then, two other uses of the flag have been added: 1) for controlling whether cookies include the 'Secure' attribute and 2) for controlling whether the webserver allows LDAP auth to be enabled if SSL isn't.

Some use cases may prefer to control these values separately - for example, in a Kubernetes environment there may be SSL termination that happens at the ingress such that SSL isn't enabled on the webserver but its still safe to have LDAP auth enabled, in which case the 'Secure' attribute is still desired for cookies.

We should separate this out into 3 different flags. Because the flag was marked 'for testing only', I don't think this needs to be considered a breaking change.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)