ambari-dev mailing list archives

From "Jeffrey E Rodriguez (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12415) Ambari should set dr. who in the admin acl by default in the secure cluster
Date Fri, 04 Mar 2016 20:10:40 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15180467#comment-15180467 ]

Jeffrey E  Rodriguez commented on AMBARI-12415:
-----------------------------------------------

I have one concern with this solution, which is that we are giving the anonymous user "dr.who"
yarn admin access. Seems to me like this would be a vulnerability.
Wouldn't a better solution be to turn on Console security?

> Ambari should set dr. who in the admin acl by default in the secure cluster
> ---------------------------------------------------------------------------
>
>                 Key: AMBARI-12415
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12415
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Jaimin D Jetly
>            Assignee: Jaimin D Jetly
>            Priority: Critical
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12415.patch, dr.who logged in (with fix).png, kerberized cluster(with fix).png
>
>
> In a secure cluster, the user accesses the UI by default as dr. who. Since dr. who by default
> is not allowed to view the app info, the user cannot view the apps. The proposal is to always
> add dr. who as the admin user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
