ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shivani Gupta (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-6857) Storm kerberos security support
Date Wed, 13 Aug 2014 23:48:12 GMT
Shivani Gupta created AMBARI-6857:
-------------------------------------

             Summary: Storm kerberos security support
                 Key: AMBARI-6857
                 URL: https://issues.apache.org/jira/browse/AMBARI-6857
             Project: Ambari
          Issue Type: Improvement
    Affects Versions: 1.8.0
            Reporter: Shivani Gupta
             Fix For: 1.8.0


Currently Storm does not support any authentication and all topologies run under the same
user. Yahoo has already done the work to fix some of this and we need to pick this up.

1. Kerberos authentication with Nimbus & other Storm daemons
2. Ability to run worker processes as the user who submitted the topology
3. ACLs in Storm to restrict topology access by user
4. When visiting Nimbus UI from Ambari OR directly accessing it from the browser, users should
be authenticated and only shown the topologies that they have access to. 
5. When using the REST API or CLI, users should be authenticated and only allowed manipulate
or access data for the topologies they have access to

Links to Yahoo's work:
https://github.com/yahoo/incubator-storm/blob/security/security.md

Describes a bit about how to set up a secure storm cluster, and the changes that we have put
in.
https://github.com/yahoo/incubator-storm/compare/security
Shows the diff of the two and
https://github.com/yahoo/incubator-storm/tree/security

Also See Apache JIRA - https://issues.apache.org/jira/browse/STORM-216



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message