> When the new NONE (or any proposed alternative name) is used as the
> authentication type in an External Catalog, what kind of auth flow will
> actually happen in runtime?

This question really gets to the core of what we are discussing. From my
perspective in implementing HADOOP, we can interpret NONE in two ways:

1. Polaris does no auth whatsoever
2. The EXTERNAL catalog connection config does not describe any kind of auth

My interpretation of NONE is (2).

While it's true that Polaris doesn't explicitly do any kind of auth for
Hadoop and relies on the fact that new Configuration() happens to load from
some env vars, I do not believe that it's really accurate to say we are in
situation (1). Polaris may still be doing some auth, even if it's not
obvious from a quick pass over the code.

Rather, NONE indicates that the ConnectionConfigInfo itself does not
contain any authentication credentials or mechanism. Consider another
example -- if the auth type is configured as OAUTH, that doesn't mean that
the remote catalog isn't additionally using mTLS. It just means that the
ConnectionConfigInfo attached to the EXTERNAL catalog in Polaris contains
OAUTH-related information.

--EM
