-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Invalid
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: kms
-
Labels:None
KMSACLs uses AccessControlList for authorization.
For creating groups membership, the group implementation class that will be instantiated is configured by hadoop.security.group.mapping.
Today KMSACLs class reads only kms-acls.xml file to create AccessControlList.
kms-acls.xml doesn't look the right place add the above config.
So KMSAcls should read either kms-site.
Xiao Chen: Any preference which file should acls load ?
IMO it should be kms-site because that file is mandatory. But all the properties in kms-site.xml starts with hadoop.kms, I am little bit inclined towards core-site.xml.