hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8572) Have the ability to force the use of the login user
Date Tue, 10 Jul 2012 20:10:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13410770#comment-13410770
] 

Guillaume Nodet commented on HADOOP-8572:
-----------------------------------------

Definitely.  The question comes down to: is that something you want to force the user into
?
I usually try to make things as easy to use as possible when possible, especially when you
can change the config to suit more complex needs (for security or any other matter).
                
> Have the ability to force the use of the login user 
> ----------------------------------------------------
>
>                 Key: HADOOP-8572
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8572
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Guillaume Nodet
>         Attachments: HADOOP-8572.patch
>
>
> In Karaf, most of the code is run under the "karaf" user. When a user ssh into Karaf,
commands will be executed under that user.
> Deploying hadoop inside Karaf requires that the authenticated Subject has the required
hadoop principals set, which forces the reconfiguration of the whole security layer, even
at dev time.
> My patch proposes the introduction of a new configuration property {{hadoop.security.force.login.user}}
which if set to true (it would default to false to keep the current behavior), would force
the use of the login user instead of using the authenticated subject (which is what happen
when there's no authenticated subject at all).  This greatly simplifies the use of hadoop
in such environments where security isn't really needed (at dev time).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message