Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BEA1CDAFB for ; Sat, 7 Jul 2012 08:49:37 +0000 (UTC) Received: (qmail 92486 invoked by uid 500); 7 Jul 2012 08:49:37 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 92185 invoked by uid 500); 7 Jul 2012 08:49:36 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 92127 invoked by uid 99); 7 Jul 2012 08:49:35 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Jul 2012 08:49:35 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id 9B16C142854 for ; Sat, 7 Jul 2012 08:49:34 +0000 (UTC) Date: Sat, 7 Jul 2012 08:49:34 +0000 (UTC) From: "Guillaume Nodet (JIRA)" To: common-issues@hadoop.apache.org Message-ID: <246235923.18330.1341650974639.JavaMail.jiratomcat@issues-vm> In-Reply-To: <1748240361.14134.1341583535091.JavaMail.jiratomcat@issues-vm> Subject: [jira] [Updated] (HADOOP-8572) Have the ability to force the use of the login user MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-8572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Guillaume Nodet updated HADOOP-8572: ------------------------------------ Attachment: HADOOP-8572.patch > Have the ability to force the use of the login user > ---------------------------------------------------- > > Key: HADOOP-8572 > URL: https://issues.apache.org/jira/browse/HADOOP-8572 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Guillaume Nodet > Attachments: HADOOP-8572.patch > > > In Karaf, most of the code is run under the "karaf" user. When a user ssh into Karaf, commands will be executed under that user. > Deploying hadoop inside Karaf requires that the authenticated Subject has the required hadoop principals set, which forces the reconfiguration of the whole security layer, even at dev time. > My patch proposes the introduction of a new configuration property {{hadoop.security.force.login.user}} which if set to true (it would default to false to keep the current behavior), would force the use of the login user instead of using the authenticated subject (which is what happen when there's no authenticated subject at all). This greatly simplifies the use of hadoop in such environments where security isn't really needed (at dev time). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira