accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2907) Invalidate "this may not be applicable for your security setup" warning from initialize
Date Wed, 18 Jun 2014 18:36:26 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036111#comment-14036111
] 

Christopher Tubbs commented on ACCUMULO-2907:
---------------------------------------------

Yes, see ACCUMULO-1300. The idea was to preserve local users, and setting a password on the
root user would always be applicable. The pluggable permissions handler would continue to
decide permissions for users from the other authenticators (who are not the local root user,
but could have equivalent permissions, granted by that mechanism).

This mirrors the way operating systems manage users (local users, AD/LDAP/NIS users, etc.)

> Invalidate "this may not be applicable for your security setup" warning from initialize
> ---------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2907
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2907
>             Project: Accumulo
>          Issue Type: Improvement
>            Reporter: Josh Elser
>            Priority: Minor
>
> After looking at the output of {{accumulo init}} probably at a weekly rate for the past
few years, can we be smarter about prompting for a root user password?
> I know that the warning was added to try to avoid confusion for users who are using external
authentication systems (not our default), but it's a little silly for both parties. The default
implementation needs a root password, and any external system should just not be prompted
at all.
> Could we look into the Authorizor interface to add a new method like {{public boolean
requiresRootPasswordInitialization()}} that would let us defer to the implementation to know
whether or not we need to prompt the user. It seems that if we could push down this logic,
it would make for less cruft on the screen all parties in the initialization output (which
continues to be a source of confusion for brand new users).



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message