accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-4135) Change Kerberos impersonation configuration keys
Date Sat, 06 Feb 2016 07:02:39 GMT


ASF GitHub Bot commented on ACCUMULO-4135:

Github user joshelser commented on the pull request:
    This is what I was thinking about. Old tests appear to pass, as do the new variants.
    I need to update the user manual, though, to reflect the new configuration means. Old
properties are still there too (for backwards compat), but, moving forward, we should try
to have people use these new properties.

> Change Kerberos impersonation configuration keys
> ------------------------------------------------
>                 Key: ACCUMULO-4135
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.7.0
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.7.1, 1.8.0
> For the user impersonation support with Kerberos, we need to be able to represent the
> For userA, what other users may userA "act" as and from what host(s) may userA do this
> This was represented as the following in accumulo-site.xml:
> * {{<prefix>.userA.users}}=user1,user2,user3...
> * {{<prefix>.userA.hosts}}=fqdn1,fqdn2,fqdn3...
> Because we're dealing with Kerberos, "userA" is actually something like "primary/instance@REALM".
> I've recently found out that Ambari doesn't like this and apparently it would be prohibitively
difficult to change it there (urlencode, what?). I'll add some new configuration properties
here that change the structure so that there are options for users to configure this through
all deployment mechanisms.

This message was sent by Atlassian JIRA

View raw message