You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Thomas Tauber-Marshall (Jira)" <ji...@apache.org> on 2020/12/07 22:29:00 UTC
[jira] [Created] (IMPALA-10381) Fix overloading of
--ldap_passwords_in_clear_ok
Thomas Tauber-Marshall created IMPALA-10381:
-----------------------------------------------
Summary: Fix overloading of --ldap_passwords_in_clear_ok
Key: IMPALA-10381
URL: https://issues.apache.org/jira/browse/IMPALA-10381
Project: IMPALA
Issue Type: Improvement
Affects Versions: Impala 4.0
Reporter: Thomas Tauber-Marshall
Assignee: Thomas Tauber-Marshall
The --ldap_passwords_in_clear_ok flag was originally intended to allow configurations where Impala connects to LDAP without SSL, for testing purposes.
Since then, two other uses of the flag have been added: 1) for controlling whether cookies include the 'Secure' attribute and 2) for controlling whether the webserver allows LDAP auth to be enabled if SSL isn't.
Some use cases may prefer to control these values separately - for example, in a Kubernetes environment there may be SSL termination that happens at the ingress such that SSL isn't enabled on the webserver but its still safe to have LDAP auth enabled, in which case the 'Secure' attribute is still desired for cookies.
We should separate this out into 3 different flags. Because the flag was marked 'for testing only', I don't think this needs to be considered a breaking change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)