Posted to notifications@accumulo.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/02/06 08:01:39 UTC

[jira] [Commented] (ACCUMULO-4135) Change Kerberos impersonation configuration keys

    [ https://issues.apache.org/jira/browse/ACCUMULO-4135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15135644#comment-15135644 ] 

ASF GitHub Bot commented on ACCUMULO-4135:
------------------------------------------

GitHub user joshelser opened a pull request:

    https://github.com/apache/accumulo/pull/67

    ACCUMULO-4135 Add impersonation configuration keys which don't put th…

    …e principal in the key.
    
    Apparently, Ambari has a very hard time handling configuration keys that have '/'
    characters in them. As such, this breaks the impersonation config keys, as they
    will near always have a '/' in them (e.g. primary/instance@REALM). This is sad.
    
    This commit introduces an alternate strategy for specifying the same configuration
    items but only using the values.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/joshelser/accumulo ACCUMULO-4135-impersonation-config

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/accumulo/pull/67.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #67
    
----
commit c43bf64e87d9e095f0a1a2edb55439d806fd96f8
Author: Josh Elser <el...@apache.org>
Date:   2016-02-06T06:57:54Z

    ACCUMULO-4135 Add impersonation configuration keys which don't put the principal in the key.
    
    Apparently, Ambari has a very hard time handling configuration keys that have '/'
    characters in them. As such, this breaks the impersonation config keys, as they
    will near always have a '/' in them (e.g. primary/instance@REALM). This is sad.
    
    This commit introduces an alternate strategy for specifying the same configuration
    items but only using the values.

----


> Change Kerberos impersonation configuration keys
> ------------------------------------------------
>
>                 Key: ACCUMULO-4135
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4135
>             Project: Accumulo
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.7.0
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.7.1, 1.8.0
>
>
> For the user impersonation support with Kerberos, we need to be able to represent the following:
> For userA, what other users may userA "act" as and from what host(s) may userA do this from.
> This was represented as the following in accumulo-site.xml:
> * {{<prefix>.userA.users}}=user1,user2,user3...
> * {{<prefix>.userA.hosts}}=fqdn1,fqdn2,fqdn3...
> Because we're dealing with Kerberos, "userA" is actually something like "primary/instance@REALM".
> I've recently found out that Ambari doesn't like this and apparently it would be prohibitively difficult to change it there (urlencode, what?). I'll add some new configuration properties here that change the structure so that there are options for users to configure this through all deployment mechanisms.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
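
The rule described in the issue (which users a proxy principal may act as, and from which hosts), parsed from the per-principal key layout and from a value-only layout, as an added example that is not code from the pull request or from Accumulo. The prefix, the principal and the `;`/`:` value syntax are assumptions made for illustration; the message does not give the new property names or format.

```python
from dataclasses import dataclass, field

PREFIX = "example.impersonation"  # hypothetical stand-in for the issue's <prefix>
PROXY = "proxy/gw.example.com@EXAMPLE.COM"  # constructed principal
SAMPLE_KEYED = {  # constructed sample in the per-principal key layout
    f"{PREFIX}.{PROXY}.users": "user1,user2",
    f"{PREFIX}.{PROXY}.hosts": "gw.example.com",
}

@dataclass
class Rule:
    users: set = field(default_factory=set)  # identities the proxy may act as
    hosts: set = field(default_factory=set)  # hosts it may connect from

def _csv(value):
    return {v.strip() for v in value.split(",") if v.strip()}

def parse_keyed(props):
    """Key layout from the issue: <prefix>.<principal>.users / .hosts."""
    rules = {}
    for key, value in props.items():
        if not key.startswith(PREFIX + "."):
            continue
        # The principal contains '.', '/' and '@', so take the suffix from the right.
        principal, _, kind = key[len(PREFIX) + 1:].rpartition(".")
        if principal and kind in ("users", "hosts"):
            setattr(rules.setdefault(principal, Rule()), kind, _csv(value))
    return rules

def parse_value_only(users_value, hosts_value):
    """Assumed layout: 'proxyA:u1,u2;proxyB:u3' plus 'h1,h2;h3' in the same order."""
    entries = [e for e in users_value.split(";") if e.strip()]
    groups = [g for g in hosts_value.split(";") if g.strip()]
    if len(entries) != len(groups):
        raise ValueError("each proxy principal needs exactly one host group")
    rules = {}
    for entry, hosts in zip(entries, groups):
        principal, sep, users = entry.partition(":")
        if not sep or not principal.strip():
            raise ValueError(f"malformed entry: {entry!r}")
        rules[principal.strip()] = Rule(_csv(users), _csv(hosts))
    return rules

def may_impersonate(rules, proxy, target, host):
    """Default deny: an unknown proxy or an unlisted user or host is refused."""
    rule = rules.get(proxy)
    return rule is not None and target in rule.users and host in rule.hosts
```

Both parsers produce the same rule set for the same policy, so the authorization check does not depend on which layout a deployment tool can express.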