ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yusaku Sako <yus...@hortonworks.com>
Subject Re: ambari user management
Date Wed, 05 Mar 2014 20:07:47 GMT
Sorry, I meant https://issues.apache.org/jira/browse/AMBARI-4963


On Wed, Mar 5, 2014 at 12:07 PM, Yusaku Sako <yusaku@hortonworks.com> wrote:

> Good point.  "Users" should be added to the doc.
> Created a JIRA: https://issues.apache.org/jira/browse/AMBARI-4962
>
> Yusaku
>
>
> On Wed, Mar 5, 2014 at 12:04 PM, Alex Nastetsky <anastetsky@spryinc.com>wrote:
>
>> Thanks. Ironically, there is nothing in there about "users", only
>> "clusters" and its sub-resources.
>>
>>
>> On Wed, Mar 5, 2014 at 2:47 PM, Yusaku Sako <yusaku@hortonworks.com>wrote:
>>
>>> Alex,
>>>
>>> You are welcome.
>>> You might want to check out the API Reference:
>>> https://github.com/apache/ambari/blob/trunk/ambari-server/docs/api/v1/index.md
>>>
>>> Yusaku
>>>
>>>
>>> On Wed, Mar 5, 2014 at 11:43 AM, Alex Nastetsky <anastetsky@spryinc.com>wrote:
>>>
>>>> Yusako, this is very helpful! This is  exactly what I was looking for.
>>>>
>>>> By the way, is there any documentation about the API somewhere? So far
>>>> I just I just know about the http://localhost:8080/api/v1/users and
>>>> http://localhost:8080/api/v1/ <http://localhost:8080/api/v1/users/>clusters.
>>>> Attempting to access http://localhost:8080/api/v<http://localhost:8080/api/v1/users/>1
>>>> gives a 404.
>>>>
>>>>
>>>> On Wed, Mar 5, 2014 at 1:41 PM, Yusaku Sako <yusaku@hortonworks.com>wrote:
>>>>
>>>>> Hi Alex,
>>>>>
>>>>> > Do you mean that admin users CAN change passwords through the API
>>>>> in configs.sh?
>>>>>
>>>>> No, admins cannot change user passwords via configs.sh; configs.sh is
>>>>> a wrapper that uses the API to manage "configuration" objects that do
not
>>>>> deal with user passwords.
>>>>> However, admins can change passwords directly via the API (or with a
>>>>> similar wrapper script).
>>>>> Here's an example:
>>>>>
>>>>> curl -i -uadmin:admin -H "X-Requested-By: ambari" -X PUT -d '{"Users":{"roles":"admin,user","password":"mysecret","old_password":"admin"}}'
>>>>> http://localhost:8080/api/v1/users/<user-name>
>>>>>
>>>>> where:
>>>>> * "roles" is a comma-delimited list of roles that the user should
>>>>> belong to "admin,user" for admin users; just "user" for non-admin users.
>>>>> * "password" is the new password to set for the user
>>>>> * "old_password" is misleading, but* it's the password of the admin
>>>>> user invoking this call*.  If you omit this parameter, the API call
>>>>> seems to go thru, but the password does not actually change.  This is
a bit
>>>>> redundant and confusing, but that's how it works today...
>>>>>
>>>>> I hope this helps!
>>>>>
>>>>> Yusaku
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 5, 2014 at 8:20 AM, Alex Nastetsky <anastetsky@spryinc.com
>>>>> > wrote:
>>>>>
>>>>>> Thanks Yusaku,
>>>>>>
>>>>>> Do you mean that admin users CAN change passwords through the API
in
>>>>>> configs.sh? I couldn't find how to do that. None of the CONFIG_TYPE
values
>>>>>> seem relevant, they all deal directly with other Hadoop services.
>>>>>>
>>>>>> I'm talking about this:
>>>>>>
>>>>>>  <CONFIG_TYPE>: One of the various configuration types in Ambari.
>>>>>> Ex:global, core-site, hdfs-site, mapred-queue-acls, etc.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 5, 2014 at 11:11 AM, Yusaku Sako <yusaku@hortonworks.com>wrote:
>>>>>>
>>>>>>> Hi Alex,
>>>>>>>
>>>>>>> Ambari can be configured to use a built-in local user store
>>>>>>> (default) or an external LDAP server (including ActiveDirectory),
which can
>>>>>>> be managed outside of Ambari.
>>>>>>> Unfortunately the built-in user store is a bit simplistic in
that
>>>>>>> only Admins can change the password on behalf of the non-admin
user as you
>>>>>>> mentioned.  The API currently prevents non-admin users from invoking
any
>>>>>>> write operations, including changing their own password, so there
is not a
>>>>>>> good way to do this via the API for now.
>>>>>>>
>>>>>>> Yusaku
>>>>>>> On Mar 5, 2014 7:49 AM, "Alex Nastetsky" <anastetsky@spryinc.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I keep getting spam errors when I send emails to this list.
This is
>>>>>>>> my attempt to circumvent that by putting my message content
in a pastebin:
>>>>>>>>
>>>>>>>> http://pastebin.com/raw.php?i=K03dwytn
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>
>>>>>>> CONFIDENTIALITY NOTICE
>>>>>>> NOTICE: This message is intended for the use of the individual
or
>>>>>>> entity to which it is addressed and may contain information that
is
>>>>>>> confidential, privileged and exempt from disclosure under applicable
law.
>>>>>>> If the reader of this message is not the intended recipient,
you are hereby
>>>>>>> notified that any printing, copying, dissemination, distribution,
>>>>>>> disclosure or forwarding of this communication is strictly prohibited.
If
>>>>>>> you have received this communication in error, please contact
the sender
>>>>>>> immediately and delete it from your system. Thank You.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE
>>>>> NOTICE: This message is intended for the use of the individual or
>>>>> entity to which it is addressed and may contain information that is
>>>>> confidential, privileged and exempt from disclosure under applicable
law.
>>>>> If the reader of this message is not the intended recipient, you are
hereby
>>>>> notified that any printing, copying, dissemination, distribution,
>>>>> disclosure or forwarding of this communication is strictly prohibited.
If
>>>>> you have received this communication in error, please contact the sender
>>>>> immediately and delete it from your system. Thank You.
>>>>>
>>>>
>>>>
>>>
>>> CONFIDENTIALITY NOTICE
>>> NOTICE: This message is intended for the use of the individual or entity
>>> to which it is addressed and may contain information that is confidential,
>>> privileged and exempt from disclosure under applicable law. If the reader
>>> of this message is not the intended recipient, you are hereby notified that
>>> any printing, copying, dissemination, distribution, disclosure or
>>> forwarding of this communication is strictly prohibited. If you have
>>> received this communication in error, please contact the sender immediately
>>> and delete it from your system. Thank You.
>>>
>>
>>
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
View raw message