[STORM-446] secure Impersonation in storm - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.10.0
Component/s: storm-core
Labels:
- Security

Description

Storm security adds features of authenticating with kerberos and than uses that principal and TGT as way to authorize user operations, topology operation. Currently Storm UI user needs to be part of nimbus.admins to get details on user submitted topologies. Ideally storm ui needs to take authenticated user principal to submit requests to nimbus which will than authorize the user rather than storm UI user. This feature will also benefit superusers to impersonate other users to submit topologies in a secured way.

Attachments

Sub-Tasks

Allow users to have a config value "doAsUser" that will be picked up by nimbus client.

Resolved

Parth Brahmbhatt

Activity

People

Assignee:: Parth Brahmbhatt

Reporter:: Harsha

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 08/Aug/14 17:12

Updated:: 09/Oct/15 00:50

Resolved:: 01/Jun/15 19:14