ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Attila Magyar (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-19187) Disable security hook
Date Tue, 13 Dec 2016 13:54:58 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-19187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Attila Magyar updated AMBARI-19187:
-----------------------------------
    Fix Version/s: 2.5.0
           Status: Patch Available  (was: Open)

> Disable security hook
> ---------------------
>
>                 Key: AMBARI-19187
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19187
>             Project: Ambari
>          Issue Type: New Feature
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>             Fix For: 2.5.0
>
>
> Hadoop components need to establish a secure connection with ZooKeeper when Kerberos
is enabled. This involves the setup of the correct authentication (JAAS config file) and authorization
(per-component Kerberos-backed ACLs on the znodes) between the service and ZooKeeper. Most
services are able to set these ACLs based on their config when the user enable kerberos.
> When we disable kerberos again, the sasl ACL should be removed otherwise the services
won't be able to access their znodes.
> This issue is about introducing a new command (DISABLE_SECURITY) that will be sent by
the ambari server to the services upon the dekerberiztion process. When a service receives
this command it will be able to do the zookeeper secure to unsecure migration process (e.g.
removing sasl ACLs).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message