[
https://issues.apache.org/jira/browse/STORM-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14942364#comment-14942364
]
ASF GitHub Bot commented on STORM-997:
--------------------------------------
Github user revans2 commented on the pull request:
https://github.com/apache/storm/pull/692#issuecomment-145260515
@priyank5485 and others I am not totally sure that this is a good idea. If
HDFS is running secure and Storm is running insecure, with this feature enabled
you have now disabled security in HDFS, so anyone who can submit a topology
(a.k.a everyone) can pretend to be any user in HDFS. To me I would much rather
see the feature that allows this to work with an arbitrary UGI. Or better have
a keytab installed on the worker nodes then you just need a config to point to
that keytab and the principal you want to use out of it.
I am -0 on this change. I am not going to block it, but I would prefer to
see it done a different way.
> Add support for user specified UGI - (UserGroupInformation) for storm hdfs
> connector
> ------------------------------------------------------------------------------------
>
> Key: STORM-997
> URL: https://issues.apache.org/jira/browse/STORM-997
> Project: Apache Storm
> Issue Type: Sub-task
> Components: storm-hdfs
> Reporter: Priyank Shah
> Assignee: Priyank Shah
>
> In a non-secure environment, Storm HDFS component that provides interaction
> with HDFS from storm currently does that as the user storm with which the
> worker process had been started. We want to allow the component to interact
> with hdfs as the user provided instead of user running the worker process
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
