Accumulo / ACCUMULO-4135

Change Kerberos impersonation configuration keys


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.7.0
    • Fix Version/s: 1.7.1, 1.8.0
    • Component/s: core
    • Labels:
      None

      Description

      For the user impersonation support with Kerberos, we need to be able to represent the following:

      For userA, what other users may userA "act" as, and from what host(s) may userA do this?

      This was represented as the following in accumulo-site.xml:

      • <prefix>.userA.users=user1,user2,user3...
      • <prefix>.userA.hosts=fqdn1,fqdn2,fqdn3...

      Because we're dealing with Kerberos, "userA" is actually something like "primary/instance@REALM".

      I've recently found out that Ambari doesn't like this and apparently it would be prohibitively difficult to change it there (urlencode, what?). I'll add some new configuration properties here that change the structure so that there are options for users to configure this through all deployment mechanisms.
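The `.users`/`.hosts` layout described above, worked through as an added example (not code from Accumulo or from the issue): it parses keys that embed a full Kerberos principal and answers "may this principal act as that user from that host", denying when either list is missing. The prefix `example.impersonation.` is a hypothetical stand-in for `<prefix>`, and the principals, users and hosts are constructed sample values.

```python
PREFIX = "example.impersonation."  # hypothetical stand-in for the page's <prefix>

# Constructed sample properties, flattened as key -> value.
SAMPLE_PROPS = {
    PREFIX + "proxy/gateway.example.com@EXAMPLE.COM.users": "user1, user2",
    PREFIX + "proxy/gateway.example.com@EXAMPLE.COM.hosts": "gateway.example.com",
    # Only a users list: no host is allowed, so every request is denied.
    PREFIX + "etl/batch.example.com@EXAMPLE.COM.users": "user3",
    "unrelated.property": "ignored",
}


def parse_rules(props, prefix=PREFIX):
    """Return {principal: {"users": set, "hosts": set}} from flat properties."""
    rules = {}
    for key, value in props.items():
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        # A principal such as primary/instance@REALM contains '.', '/' and '@',
        # so it cannot be located by splitting the key on '.'. Strip the known
        # suffix from the right instead.
        for kind in ("users", "hosts"):
            suffix = "." + kind
            if rest.endswith(suffix) and len(rest) > len(suffix):
                principal = rest[:-len(suffix)]
                entries = {v.strip() for v in value.split(",") if v.strip()}
                rule = rules.setdefault(principal, {"users": set(), "hosts": set()})
                rule[kind] |= entries
                break
    return rules


def may_impersonate(rules, principal, target_user, host):
    """Allow only when the principal has a rule listing both the user and the host."""
    rule = rules.get(principal)
    if rule is None:
        return False  # no rule for this principal: deny
    return target_user in rule["users"] and host in rule["hosts"]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_PROPS)
    for principal, rule in sorted(rules.items()):
        print(principal, sorted(rule["users"]), sorted(rule["hosts"]))
```
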

              People

              • Assignee:
                elserj Josh Elser
                Reporter:
                elserj Josh Elser

                  Time Tracking

                  • Original Estimate: Not Specified
                  • Remaining Estimate: 0h
                  • Time Spent: 40m