accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [2/2] accumulo git commit: ACCUMULO-3607 Add section about `accumulo init` with kerberos
Date Mon, 23 Feb 2015 17:27:23 GMT
ACCUMULO-3607 Add section about `accumulo init` with kerberos


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/95b9f00a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/95b9f00a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/95b9f00a

Branch: refs/heads/master
Commit: 95b9f00a8facc7778840febf4b44fde404f688fa
Parents: 97832e9
Author: Josh Elser <elserj@apache.org>
Authored: Mon Feb 23 12:24:41 2015 -0500
Committer: Josh Elser <elserj@apache.org>
Committed: Mon Feb 23 12:24:41 2015 -0500

----------------------------------------------------------------------
 docs/src/main/asciidoc/chapters/kerberos.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/95b9f00a/docs/src/main/asciidoc/chapters/kerberos.txt
----------------------------------------------------------------------
diff --git a/docs/src/main/asciidoc/chapters/kerberos.txt b/docs/src/main/asciidoc/chapters/kerberos.txt
index ef7a7f5..95fd5f6 100644
--- a/docs/src/main/asciidoc/chapters/kerberos.txt
+++ b/docs/src/main/asciidoc/chapters/kerberos.txt
@@ -210,6 +210,19 @@ The KDC is still the authoritative entity for user management. The previously
me
 are provided as they simplify management of users within Accumulo, especially with respect
 to granting Authorizations and Permissions to new users.
 
+===== Accumulo Initialization
+
+Out of the box (without Kerberos enabled), Accumulo has a single user with administrative
permissions "root".
+This users is used to "bootstrap" other users, creating less-privileged users for applications
using
+the system. In Kerberos, to authenticate with the system, it's required that the client presents
Kerberos
+credentials for the principal (user) the client is trying to authenticate as.
+
+Because of this, an administrative user named "root" would be useless in an instance using
Kerberos,
+because it is very unlikely to have Kerberos credentials for a principal named `root`. When
Kerberos is
+enabled, Accumulo will prompt for the name of a user to grant the same permissions as what
the `root`
+user would normally have. The name of the Accumulo user to grant administrative permissions
to can
+also be given by the `-u` or `--user` options.
+
 ===== Verifying secure access
 
 To verify that servers have correctly started with Kerberos enabled, ensure that the processes


Mime
View raw message