You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by revans2 <gi...@git.apache.org> on 2015/10/03 17:51:58 UTC

[GitHub] storm pull request: STORM-997: Add proxy user functionality for st...

Github user revans2 commented on the pull request:

    https://github.com/apache/storm/pull/692#issuecomment-145260515
  
    @priyank5485 and others I am not totally sure that this is a good idea.  If HDFS is running secure and Storm is running insecure, with this feature enabled you have now disabled security in HDFS, so anyone who can submit a topology (a.k.a everyone) can pretend to be any user in HDFS.  To me I would much rather see the feature that allows this to work with an arbitrary UGI.  Or better have a keytab installed on the worker nodes then you just need a config to point to that keytab and the principal you want to use out of it.
    
    I am -0 on this change.  I am not going to block it, but I would prefer to see it done a different way.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---