accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4135) Change Kerberos impersonation configuration keys
Date Sat, 06 Feb 2016 07:02:39 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15135645#comment-15135645
] 

ASF GitHub Bot commented on ACCUMULO-4135:
------------------------------------------

Github user joshelser commented on the pull request:

    https://github.com/apache/accumulo/pull/67#issuecomment-180708585
  
    This is what I was thinking about. Old tests appear to pass, as do the new variants.
    
    I need to update the user manual, though, to reflect the new configuration means. Old
properties are still there too (for backwards compat), but, moving forward, we should try
to have people use these new properties.


> Change Kerberos impersonation configuration keys
> ------------------------------------------------
>
>                 Key: ACCUMULO-4135
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4135
>             Project: Accumulo
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.7.0
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.7.1, 1.8.0
>
>
> For the user impersonation support with Kerberos, we need to be able to represent the
following:
> For userA, what other users may userA "act" as and from what host(s) may userA do this
from.
> This was represented as the following in accumulo-site.xml:
> * {{<prefix>.userA.users}}=user1,user2,user3...
> * {{<prefix>.userA.hosts}}=fqdn1,fqdn2,fqdn3...
> Because we're dealing with Kerberos, "userA" is actually something like "primary/instance@REALM".
> I've recently found out that Ambari doesn't like this and apparently it would be prohibitively
difficult to change it there (urlencode, what?). I'll add some new configuration properties
here that change the structure so that there are options for users to configure this through
all deployment mechanisms.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message