Github user priyank5485 commented on the pull request:
https://github.com/apache/storm/pull/692#issuecomment-145642316
@revans2 I think what you mentioned above would not happen. I mean the part
where you say that storm running in unsecured mode and hdfs in secured mode
will disable security. Please correct me if i am wrong. I am new to this. But
the way i imagine it will work is that the proxy user functionality code(which
is doAs part) will be executed only after the user is logged in to HDFS. In
secured mode user will already be validated using keytab. Above that hdfs needs
config entries in core-site.xml which is needed for the proxy user
functionality to work. Please look at the configurations section at
http://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html
hdfs in that case would make sure that if the logged in user is not
authorized to impersonate as some other user based on that config it will throw
an exception. Again, there is a good chance i might be missing something here.
Please correct me if i am wrong.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
