You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@accumulo.apache.org by el...@apache.org on 2015/02/23 18:27:22 UTC

[1/2] accumulo git commit: ACCUMULO-3613 Remove invalid property.

Repository: accumulo
Updated Branches:
  refs/heads/master 8f6558c90 -> 95b9f00a8


ACCUMULO-3613 Remove invalid property.

Fix some grammar at the same time.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/97832e9b
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/97832e9b
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/97832e9b

Branch: refs/heads/master
Commit: 97832e9bb4b2804d06113bef45fc864fe2b36beb
Parents: 8f6558c
Author: Josh Elser <el...@apache.org>
Authored: Mon Feb 23 12:12:25 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Mon Feb 23 12:12:25 2015 -0500

----------------------------------------------------------------------
 docs/src/main/asciidoc/chapters/kerberos.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/97832e9b/docs/src/main/asciidoc/chapters/kerberos.txt
----------------------------------------------------------------------
diff --git a/docs/src/main/asciidoc/chapters/kerberos.txt b/docs/src/main/asciidoc/chapters/kerberos.txt
index acaf3bc..ef7a7f5 100644
--- a/docs/src/main/asciidoc/chapters/kerberos.txt
+++ b/docs/src/main/asciidoc/chapters/kerberos.txt
@@ -139,7 +139,7 @@ kadmin.local -q "xst -k accumulo.service.keytab -glob accumulo*"
 
 To ensure that the SASL handshake can occur from clients to servers and servers to servers,
 all Accumulo servers must share the same instance and realm principal components as the
-"client" must know these to setup the connection with the "server".
+"client" needs to know these to set up the connection with the "server".
 
 ===== Server Configuration
 
@@ -325,7 +325,6 @@ Three items need to be set to enable access to Accumulo:
 
 * +instance.rpc.sasl.enabled+=_true_
 * +kerberos.server.primary+=_accumulo_
-* +kerberos.server.realm+=_EXAMPLE.COM_
 
 The second and third properties *must* match the configuration of the accumulo servers; this is
 required to set up the SASL transport.

[2/2] accumulo git commit: ACCUMULO-3607 Add section about `accumulo init` with kerberos

Posted by el...@apache.org.

ACCUMULO-3607 Add section about `accumulo init` with kerberos


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/95b9f00a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/95b9f00a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/95b9f00a

Branch: refs/heads/master
Commit: 95b9f00a8facc7778840febf4b44fde404f688fa
Parents: 97832e9
Author: Josh Elser <el...@apache.org>
Authored: Mon Feb 23 12:24:41 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Mon Feb 23 12:24:41 2015 -0500

----------------------------------------------------------------------
 docs/src/main/asciidoc/chapters/kerberos.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/95b9f00a/docs/src/main/asciidoc/chapters/kerberos.txt
----------------------------------------------------------------------
diff --git a/docs/src/main/asciidoc/chapters/kerberos.txt b/docs/src/main/asciidoc/chapters/kerberos.txt
index ef7a7f5..95fd5f6 100644
--- a/docs/src/main/asciidoc/chapters/kerberos.txt
+++ b/docs/src/main/asciidoc/chapters/kerberos.txt
@@ -210,6 +210,19 @@ The KDC is still the authoritative entity for user management. The previously me
 are provided as they simplify management of users within Accumulo, especially with respect
 to granting Authorizations and Permissions to new users.
 
+===== Accumulo Initialization
+
+Out of the box (without Kerberos enabled), Accumulo has a single user with administrative permissions "root".
+This users is used to "bootstrap" other users, creating less-privileged users for applications using
+the system. In Kerberos, to authenticate with the system, it's required that the client presents Kerberos
+credentials for the principal (user) the client is trying to authenticate as.
+
+Because of this, an administrative user named "root" would be useless in an instance using Kerberos,
+because it is very unlikely to have Kerberos credentials for a principal named `root`. When Kerberos is
+enabled, Accumulo will prompt for the name of a user to grant the same permissions as what the `root`
+user would normally have. The name of the Accumulo user to grant administrative permissions to can
+also be given by the `-u` or `--user` options.
+
 ===== Verifying secure access
 
 To verify that servers have correctly started with Kerberos enabled, ensure that the processes