[2/2] accumulo git commit: ACCUMULO-3607 Add section about `accumulo init` with kerberos

[el...@apache.org]

ACCUMULO-3607 Add section about `accumulo init` with kerberos


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/95b9f00a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/95b9f00a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/95b9f00a

Branch: refs/heads/master
Commit: 95b9f00a8facc7778840febf4b44fde404f688fa
Parents: 97832e9
Author: Josh Elser <el...@apache.org>
Authored: Mon Feb 23 12:24:41 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Mon Feb 23 12:24:41 2015 -0500

----------------------------------------------------------------------
 docs/src/main/asciidoc/chapters/kerberos.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/95b9f00a/docs/src/main/asciidoc/chapters/kerberos.txt
----------------------------------------------------------------------
diff --git a/docs/src/main/asciidoc/chapters/kerberos.txt b/docs/src/main/asciidoc/chapters/kerberos.txt
index ef7a7f5..95fd5f6 100644
--- a/docs/src/main/asciidoc/chapters/kerberos.txt
+++ b/docs/src/main/asciidoc/chapters/kerberos.txt
@@ -210,6 +210,19 @@ The KDC is still the authoritative entity for user management. The previously me
 are provided as they simplify management of users within Accumulo, especially with respect
 to granting Authorizations and Permissions to new users.
 
+===== Accumulo Initialization
+
+Out of the box (without Kerberos enabled), Accumulo has a single user with administrative permissions "root".
+This users is used to "bootstrap" other users, creating less-privileged users for applications using
+the system. In Kerberos, to authenticate with the system, it's required that the client presents Kerberos
+credentials for the principal (user) the client is trying to authenticate as.
+
+Because of this, an administrative user named "root" would be useless in an instance using Kerberos,
+because it is very unlikely to have Kerberos credentials for a principal named `root`. When Kerberos is
+enabled, Accumulo will prompt for the name of a user to grant the same permissions as what the `root`
+user would normally have. The name of the Accumulo user to grant administrative permissions to can
+also be given by the `-u` or `--user` options.
+
 ===== Verifying secure access
 
 To verify that servers have correctly started with Kerberos enabled, ensure that the processes