hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10448) Support pluggable mechanism to specify proxy user settings
Date Wed, 28 May 2014 23:02:02 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14011783#comment-14011783
] 

Arpit Agarwal commented on HADOOP-10448:
----------------------------------------

Hi [~benoyantony],

During {{ImpersonationProvider}} initialization:
{code}
  public static void authorize(UserGroupInformation user, 
      String remoteAddress) throws AuthorizationException {
    if (sip==null) {
      refreshSuperUserGroupsConfiguration(); 
    }
{code}

and in {{refreshSuperUserGroupsConfiguration}}
{code}
public static void refreshSuperUserGroupsConfiguration(Configuration conf) {    
    sip = getInstance(conf);
...
{code}

So the first few calls could be serviced by different {{ImpersonationProvider}} objects.

Is this acceptable behavior? It should be documented if so.

> Support pluggable mechanism to specify proxy user settings
> ----------------------------------------------------------
>
>                 Key: HADOOP-10448
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10448
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
HADOOP-10448.patch
>
>
> We have a requirement to support large number of superusers. (users who impersonate as
another user) (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html) 
> Currently each  superuser needs to be defined in the core-site.xml via proxyuser settings.
This will be cumbersome when there are 1000 entries.
> It seems useful to have a pluggable mechanism to specify  proxy user settings with the
current approach as the default. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message