Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-19187

Disable security hook

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.5.0
    • 2.5.0
    • ambari-agent, ambari-server
    • None

    Description

      Hadoop components need to establish a secure connection with ZooKeeper when Kerberos is enabled. This involves the setup of the correct authentication (JAAS config file) and authorization (per-component Kerberos-backed ACLs on the znodes) between the service and ZooKeeper. Most services are able to set these ACLs based on their config when the user enable kerberos.

      When we disable kerberos again, the sasl ACL should be removed otherwise the services won't be able to access their znodes.

      This issue is about introducing a new command (DISABLE_SECURITY) that will be sent by the ambari server to the services upon the dekerberiztion process. When a service receives this command it will be able to do the zookeeper secure to unsecure migration process (e.g. removing sasl ACLs).

      Attachments

        1. AMBARI-19187_trunk.patch
          33 kB
          Attila Magyar
        2. AMBARI-19187_branch-2.5.patch
          33 kB
          Attila Magyar

        Issue Links

          Activity

            People

              amagyar Attila Magyar
              amagyar Attila Magyar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: