Xuze Yang created RANGER-4481:
---------------------------------
Summary: Add a configuration item to support Ranger client not
using authentication
Key: RANGER-4481
URL: https://issues.apache.org/jira/browse/RANGER-4481
Project: Ranger
Issue Type: Improvement
Components: Ranger
Affects Versions: 2.1.0
Reporter: Xuze Yang
As described in
[RANGER-3602|https://issues.apache.org/jira/browse/RANGER-3602], ranger
supports downloading policies and roles through unauthenticated http requests
even if kerberos is enabled on the server.
But in terms of the current implementation of RangerAdminRESTClient, whether to
enable authenticated HTTP requests depends on the service in which it is
located. For example, if the Hadoop service has kerberos enabled, then the
RangerAdminRESTClient in the HDFS and Yarn plugins will also use authenticated
HTTP requests.
I think this is not reasonable enough. In this case (both the Ranger server and
Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS and
Yarn plugins should also be allowed to download policies and roles through
unauthenticated HTTP requests.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
