ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Attila Magyar (JIRA)" <>
Subject [jira] [Updated] (AMBARI-19187) Disable security hook
Date Tue, 13 Dec 2016 12:45:58 GMT


Attila Magyar updated AMBARI-19187:
    External issue URL:

> Disable security hook
> ---------------------
>                 Key: AMBARI-19187
>                 URL:
>             Project: Ambari
>          Issue Type: New Feature
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
> Hadoop components need to establish a secure connection with ZooKeeper when Kerberos
is enabled. This involves the setup of the correct authentication (JAAS config file) and authorization
(per-component Kerberos-backed ACLs on the znodes) between the service and ZooKeeper. Most
services are able to set these ACLs based on their config when the user enable kerberos.
> When we disable kerberos again, the sasl ACL should be removed otherwise the services
won't be able to access their znodes.
> This issue is about introducing a new command (DISABLE_SECURITY) that will be sent by
the ambari server to the services upon the dekerberiztion process. When a service receives
this command it will be able to do the zookeeper secure to unsecure migration process (e.g.
removing sasl ACLs).

This message was sent by Atlassian JIRA

View raw message