You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Shivani Gupta (JIRA)" <ji...@apache.org> on 2014/08/14 01:48:12 UTC

[jira] [Created] (AMBARI-6857) Storm kerberos security support

Shivani Gupta created AMBARI-6857:
-------------------------------------

             Summary: Storm kerberos security support
                 Key: AMBARI-6857
                 URL: https://issues.apache.org/jira/browse/AMBARI-6857
             Project: Ambari
          Issue Type: Improvement
    Affects Versions: 1.8.0
            Reporter: Shivani Gupta
             Fix For: 1.8.0


Currently Storm does not support any authentication and all topologies run under the same user. Yahoo has already done the work to fix some of this and we need to pick this up.

1. Kerberos authentication with Nimbus & other Storm daemons
2. Ability to run worker processes as the user who submitted the topology
3. ACLs in Storm to restrict topology access by user
4. When visiting Nimbus UI from Ambari OR directly accessing it from the browser, users should be authenticated and only shown the topologies that they have access to. 
5. When using the REST API or CLI, users should be authenticated and only allowed manipulate or access data for the topologies they have access to

Links to Yahoo's work:
https://github.com/yahoo/incubator-storm/blob/security/security.md

Describes a bit about how to set up a secure storm cluster, and the changes that we have put in.
https://github.com/yahoo/incubator-storm/compare/security
Shows the diff of the two and
https://github.com/yahoo/incubator-storm/tree/security

Also See Apache JIRA - https://issues.apache.org/jira/browse/STORM-216



--
This message was sent by Atlassian JIRA
(v6.2#6252)