You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Thomas Tauber-Marshall (JIRA)" <ji...@apache.org> on 2019/08/02 19:18:00 UTC

[jira] [Created] (IMPALA-8828) Support impersonation via http paths

Thomas Tauber-Marshall created IMPALA-8828:
----------------------------------------------

             Summary: Support impersonation via http paths
                 Key: IMPALA-8828
                 URL: https://issues.apache.org/jira/browse/IMPALA-8828
             Project: IMPALA
          Issue Type: Improvement
          Components: Clients
    Affects Versions: Impala 3.3.0
            Reporter: Thomas Tauber-Marshall
            Assignee: Thomas Tauber-Marshall


When clients connect over http, we should allow them to perform impersonation via the 'doAs' parameter, eg. by specifying a path of the form '/?doAs=<username>'

This is useful for example for Apache Knox, which proxies connections to Impala and authenticates as itself via Kerberos but runs queries as other users.

We can leverage the existing support for impersonation, eg. knox would have to be included in 'authorized_proxy_user_config' to be able to do the impersonation



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org