[
https://issues.apache.org/jira/browse/AMBARI-6857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yusaku Sako resolved AMBARI-6857.
---------------------------------
Resolution: Implemented
> Storm kerberos security support
> -------------------------------
>
> Key: AMBARI-6857
> URL: https://issues.apache.org/jira/browse/AMBARI-6857
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: 1.7.0
> Reporter: Shivani Gupta
> Fix For: 1.7.0
>
>
> Currently Storm does not support any authentication and all topologies run
> under the same user. Yahoo has already done the work to fix some of this and
> we need to pick this up.
> 1. Kerberos authentication with Nimbus & other Storm daemons
> 2. Ability to run worker processes as the user who submitted the topology
> 3. ACLs in Storm to restrict topology access by user
> 4. When visiting Nimbus UI from Ambari OR directly accessing it from the
> browser, users should be authenticated and only shown the topologies that
> they have access to.
> 5. When using the REST API or CLI, users should be authenticated and only
> allowed manipulate or access data for the topologies they have access to
> Links to Yahoo's work:
> https://github.com/yahoo/incubator-storm/blob/security/security.md
> Describes a bit about how to set up a secure storm cluster, and the changes
> that we have put in.
> https://github.com/yahoo/incubator-storm/compare/security
> Shows the diff of the two and
> https://github.com/yahoo/incubator-storm/tree/security
> Also See Apache JIRA - https://issues.apache.org/jira/browse/STORM-216
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
