[
https://issues.apache.org/jira/browse/STORM-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14943891#comment-14943891
]
ASF GitHub Bot commented on STORM-997:
--------------------------------------
Github user priyank5485 commented on the pull request:
https://github.com/apache/storm/pull/692#issuecomment-145642316
@revans2 I think what you mentioned above would not happen. I mean the part
where you say that storm running in unsecured mode and hdfs in secured mode
will disable security. Please correct me if i am wrong. I am new to this. But
the way i imagine it will work is that the proxy user functionality code(which
is doAs part) will be executed only after the user is logged in to HDFS. In
secured mode user will already be validated using keytab. Above that hdfs needs
config entries in core-site.xml which is needed for the proxy user
functionality to work. Please look at the configurations section at
http://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html
hdfs in that case would make sure that if the logged in user is not
authorized to impersonate as some other user based on that config it will throw
an exception. Again, there is a good chance i might be missing something here.
Please correct me if i am wrong.
> Add support for user specified UGI - (UserGroupInformation) for storm hdfs
> connector
> ------------------------------------------------------------------------------------
>
> Key: STORM-997
> URL: https://issues.apache.org/jira/browse/STORM-997
> Project: Apache Storm
> Issue Type: Sub-task
> Components: storm-hdfs
> Reporter: Priyank Shah
> Assignee: Priyank Shah
>
> In a non-secure environment, Storm HDFS component that provides interaction
> with HDFS from storm currently does that as the user storm with which the
> worker process had been started. We want to allow the component to interact
> with hdfs as the user provided instead of user running the worker process
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
