[AMBARI-19187] Disable security hook - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.5.0
Component/s: ambari-agent, ambari-server
Labels:
None

External issue URL:
https://issues.apache.org/jira/browse/AMBARI-19187

Description

Hadoop components need to establish a secure connection with ZooKeeper when Kerberos is enabled. This involves the setup of the correct authentication (JAAS config file) and authorization (per-component Kerberos-backed ACLs on the znodes) between the service and ZooKeeper. Most services are able to set these ACLs based on their config when the user enable kerberos.

When we disable kerberos again, the sasl ACL should be removed otherwise the services won't be able to access their znodes.

This issue is about introducing a new command (DISABLE_SECURITY) that will be sent by the ambari server to the services upon the dekerberiztion process. When a service receives this command it will be able to do the zookeeper secure to unsecure migration process (e.g. removing sasl ACLs).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-19187_branch-2.5.patch
22/Dec/16 17:08
33 kB
Attila Magyar
AMBARI-19187_trunk.patch
22/Dec/16 17:08
33 kB
Attila Magyar

Issue Links

links to

review board

Activity

People

Assignee:: Attila Magyar

Reporter:: Attila Magyar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Dec/16 10:23

Updated:: 23/Dec/16 18:48

Resolved:: 23/Dec/16 18:48