Shivani Gupta created AMBARI-6857:
-------------------------------------
Summary: Storm kerberos security support
Key: AMBARI-6857
URL: https://issues.apache.org/jira/browse/AMBARI-6857
Project: Ambari
Issue Type: Improvement
Affects Versions: 1.8.0
Reporter: Shivani Gupta
Fix For: 1.8.0
Currently Storm does not support any authentication and all topologies run
under the same user. Yahoo has already done the work to fix some of this and we
need to pick this up.
1. Kerberos authentication with Nimbus & other Storm daemons
2. Ability to run worker processes as the user who submitted the topology
3. ACLs in Storm to restrict topology access by user
4. When visiting Nimbus UI from Ambari OR directly accessing it from the
browser, users should be authenticated and only shown the topologies that they
have access to.
5. When using the REST API or CLI, users should be authenticated and only
allowed manipulate or access data for the topologies they have access to
Links to Yahoo's work:
https://github.com/yahoo/incubator-storm/blob/security/security.md
Describes a bit about how to set up a secure storm cluster, and the changes
that we have put in.
https://github.com/yahoo/incubator-storm/compare/security
Shows the diff of the two and
https://github.com/yahoo/incubator-storm/tree/security
Also See Apache JIRA - https://issues.apache.org/jira/browse/STORM-216
--
This message was sent by Atlassian JIRA
(v6.2#6252)
