accumulo-dev mailing list archives

From Christopher <ctubb...@apache.org>
Subject Re: Change in 'accumulo init' behavior
Date Sat, 02 Feb 2013 05:19:42 GMT
David, John-

This is a good point. I think it'd be better to retain the previous
behavior, for backwards compatibility, or eliminate all these prompts
entirely (my preference is the latter). If I may speak about the original
design of the user management functionality, the whole point of a "root"
user in the first place was to provide a basis for managing other users.
However, this role is obsoleted by any pluggable authentication mechanism,
because those alternate implementations may have drastically different user
management capabilities, and the root user is no longer required.

A large part of my overall criticism of the new authentication model is
this intermingling of pluggable authentication mechanisms with Accumulo's
former API for user management. I find it difficult to get behind a
pluggable authentication system that is still tightly coupled to the built-in
user management functionality (except where needed for backwards
compatibility with the user/password)... mainly, because I thought the
whole point of pluggable authentication (or at least, the best argument for
it) was to unlink these, and allow user- and authorization-management
external to Accumulo.


--
Christopher L Tubbs II
http://gravatar.com/ctubbsii


On Fri, Feb 1, 2013 at 11:50 PM, John Vines <vines@apache.org> wrote:

> Yes, this has changed in trunk to support the pluggable authentication
> schemes.
>
> Sent from my phone, please pardon the typos and brevity.
> On Feb 1, 2013 11:36 PM, "David Medinets" <david.medinets@gmail.com>
> wrote:
>
> > The following command used to work:
> >
> >   su accumulo -c "/usr/local/accumulo/bin/accumulo init
> > --clear-instance-name --instance-name instance --password secret"
> >
> > but now it is asking for a name:
> >
> >   Enter name for initial root user ( root):
> >
> > I can easily update my script to use --username but wanted to point
> > out this behaviour change.
> >
>
