GitHub user DaveBirdsall commented on a diff in the pull request:

    https://github.com/apache/incubator-trafodion/pull/558#discussion_r68615492
  
    --- Diff: 
docs/provisioning_guide/src/asciidoc/_chapters/enable_security.adoc ---
    @@ -489,3 +481,46 @@ Each LDAP connection configuration section must 
provide at least one unique iden
     | 11     | At least one LDAP connection configuration section must be 
specified.
     | 12     | Internal error parsing `.traf_authentication_config`.
     |===
    +
    +[[enable-security-manage-users]]
    +== Manage Users
    +Kerberos is enabled for installations that require a secure Hadoop 
environment.  LDAP is enabled to enforce authentication for any 
    +user connecting to {project-name}.  The {project-name} database enforces 
privileges on the database, database schemas, database 
    +objects (table, views, etc) and database operations.  Privileges are 
enforced when authorization is enabled.  When LDAP or Kerberos 
    +is enabled, authorization is automatically enabled.  
    +
    +To determine the status of authentication and authorization, bring up 
sqlci and perform "env;". 
    +
    +```
    +>>env;
    +----------------------------------
    +Current Environment
    +----------------------------------
    +AUTHENTICATION     enabled
    +AUTHORIZATION      enabled
    +CURRENT DIRECTORY  /.../incubator-trafodion/install/installer
    +LIST_COUNT         4294967295
    +LOG FILE
    +MESSAGEFILE        /.../incubator-trafodion/core/sqf/export/ ...
    +MESSAGEFILE LANG   US English
    +MESSAGEFILE VRSN   {2016-06-14 22:27 LINUX:host/user} 
    +SQL CATALOG        TRAFODION
    +SQL SCHEMA         SCH
    +SQL USER CONNECTED user not connected
    +SQL USER DB NAME   SQLUSER1
    +SQL USER ID        33367
    +TERMINAL CHARSET   ISO88591
    +TRANSACTION ID     
    +TRANSACTION STATE  not in progress
    +WARNINGS           on
    +```
    +
    +Once authorization is enabled, there is one predefined database user 
called DB__ROOT associated with your specified LDAP username.
    +Please connect to the database and this user and register users that will 
perform database admin management. The database
    +admin can then connect and setup required users, roles, and privileges.
    +
    +TBD - add pointer to the security best practices guide.
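Review bot: The last paragraph of the new Manage Users section tells the reader to "connect to the database and this user and register users" but gives neither the statement used to register a user nor a cross-reference to where it is documented, so the one security-relevant step after enabling authorization is left to guesswork. Suggest rewording to "connect to the database as this user", adding the registration command or a link to it, and changing "setup" to "set up". The "TBD - add pointer to the security best practices guide." line would render verbatim in the published guide; either add the link in this change or drop the line and track it in a JIRA ticket. In the env sample it would also help to state that AUTHENTICATION and AUTHORIZATION are the two rows to check, since the rest of the output is unrelated to the point being made.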
    --- End diff --
    
    Unfinished work?

