Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7438C11F94 for ; Wed, 18 Jun 2014 18:36:26 +0000 (UTC) Received: (qmail 89634 invoked by uid 500); 18 Jun 2014 18:36:26 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 89602 invoked by uid 500); 18 Jun 2014 18:36:26 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 89581 invoked by uid 99); 18 Jun 2014 18:36:26 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2014 18:36:26 +0000 Date: Wed, 18 Jun 2014 18:36:26 +0000 (UTC) From: "Christopher Tubbs (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ACCUMULO-2907) Invalidate "this may not be applicable for your security setup" warning from initialize MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036111#comment-14036111 ] Christopher Tubbs commented on ACCUMULO-2907: --------------------------------------------- Yes, see ACCUMULO-1300. The idea was to preserve local users, and setting a password on the root user would always be applicable. The pluggable permissions handler would continue to decide permissions for users from the other authenticators (who are not the local root user, but could have equivalent permissions, granted by that mechanism). This mirrors the way operating systems manage users (local users, AD/LDAP/NIS users, etc.) > Invalidate "this may not be applicable for your security setup" warning from initialize > --------------------------------------------------------------------------------------- > > Key: ACCUMULO-2907 > URL: https://issues.apache.org/jira/browse/ACCUMULO-2907 > Project: Accumulo > Issue Type: Improvement > Reporter: Josh Elser > Priority: Minor > > After looking at the output of {{accumulo init}} probably at a weekly rate for the past few years, can we be smarter about prompting for a root user password? > I know that the warning was added to try to avoid confusion for users who are using external authentication systems (not our default), but it's a little silly for both parties. The default implementation needs a root password, and any external system should just not be prompted at all. > Could we look into the Authorizor interface to add a new method like {{public boolean requiresRootPasswordInitialization()}} that would let us defer to the implementation to know whether or not we need to prompt the user. It seems that if we could push down this logic, it would make for less cruft on the screen all parties in the initialization output (which continues to be a source of confusion for brand new users). -- This message was sent by Atlassian JIRA (v6.2#6252)