forLp811 commented on PR #8877: URL: https://github.com/apache/gravitino/pull/8877#issuecomment-3431481467
> There are several points to discuss: > > 1. Is the parameter `doAs` standard operation for Hadoop system? > 2. We should limit the users which is allowed impersonate, this should be a configuration files. > 3. Should the simple mode be thought about `doAs`? > 4. The interfaces shouldn't be bind to HTTP. Maybe we support other protocols, we can reuse the authenticator as soon as we can. In the Hadoop ecosystem, if Kerberos is enabled, Knox is a dedicated component used to act as an intermediary for the Web UI., This "doAs" is merely a parameter name for the Knox component. The user still needs to login using the Kerberos password, and it is secure. simple mode, webui can be opened normally, then Knox is not necessary. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
