hadoop-common-issues mailing list archives

From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10448) Support pluggable mechanism to specify proxy user settings
Date Fri, 02 May 2014 17:11:19 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13987921#comment-13987921 ]

Benoy Antony commented on HADOOP-10448:
---------------------------------------

{quote}
My question was actually if the get*ConfKey methods need to remain in ProxyUsers and delegate
directly to the DefaultImpersonationProvider? It seems they are only used by tests. Leaving
them in would allow someone to use them. If they aren't using the default provider, it may
be surprising that they are a no-op...
{quote}

I got it. I can remove them from ProxyUsers and modify all the references to directly invoke
DefaultImpersonationProvider methods. That will make ProxyUsers cleaner.

These are currently accessed only from tests in Hadoop code. Unfortunately they are also accessed
from TestHadoop20SAuthBridge.java in Hive. HBase does not use these methods. Maybe the Hive test
can also be modified to use DefaultImpersonationProvider directly.



 




> Support pluggable mechanism to specify proxy user settings
> ----------------------------------------------------------
>
>                 Key: HADOOP-10448
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10448
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
>                      HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch
>
>
> We have a requirement to support a large number of superusers (users who impersonate
> another user) (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html).
> Currently each superuser needs to be defined in the core-site.xml via proxyuser settings.
> This will be cumbersome when there are 1000 entries.
> It seems useful to have a pluggable mechanism to specify proxy user settings with the
> current approach as the default.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
