You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/10/03 17:52:26 UTC
[jira] [Commented] (STORM-997) Add support for user specified UGI -
(UserGroupInformation) for storm hdfs connector
[ https://issues.apache.org/jira/browse/STORM-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14942364#comment-14942364 ]
ASF GitHub Bot commented on STORM-997:
--------------------------------------
Github user revans2 commented on the pull request:
https://github.com/apache/storm/pull/692#issuecomment-145260515
@priyank5485 and others I am not totally sure that this is a good idea. If HDFS is running secure and Storm is running insecure, with this feature enabled you have now disabled security in HDFS, so anyone who can submit a topology (a.k.a everyone) can pretend to be any user in HDFS. To me I would much rather see the feature that allows this to work with an arbitrary UGI. Or better have a keytab installed on the worker nodes then you just need a config to point to that keytab and the principal you want to use out of it.
I am -0 on this change. I am not going to block it, but I would prefer to see it done a different way.
> Add support for user specified UGI - (UserGroupInformation) for storm hdfs connector
> ------------------------------------------------------------------------------------
>
> Key: STORM-997
> URL: https://issues.apache.org/jira/browse/STORM-997
> Project: Apache Storm
> Issue Type: Sub-task
> Components: storm-hdfs
> Reporter: Priyank Shah
> Assignee: Priyank Shah
>
> In a non-secure environment, Storm HDFS component that provides interaction with HDFS from storm currently does that as the user storm with which the worker process had been started. We want to allow the component to interact with hdfs as the user provided instead of user running the worker process
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)