[
https://issues.apache.org/jira/browse/STORM-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15297686#comment-15297686
]
ASF GitHub Bot commented on STORM-1851:
---------------------------------------
Github user arunmahadevan commented on the pull request:
https://github.com/apache/storm/pull/1435#issuecomment-221167394
@hmcl the details of setting up impersonation is documented in
https://github.com/apache/storm/blob/master/docs/SECURITY.md
Maybe I can explicitly mention the default behavior.
> Nimbus impersonation authorizer in defaults.yaml causes issues in secure mode
> -----------------------------------------------------------------------------
>
> Key: STORM-1851
> URL: https://issues.apache.org/jira/browse/STORM-1851
> Project: Apache Storm
> Issue Type: Bug
> Reporter: Arun Mahadevan
> Assignee: Arun Mahadevan
> Priority: Minor
>
> "nimbus.impersonation.authorizer" is set to "ImpersonationAuthorizer" by
> default and this causes issues when a user tries to submit topology as a
> different user in secure mode since the "nimbus.impersonation.acl"
> configuration is not set by default. Users need to set
> nimbus.impersonation.acl first before they can submit topology as a user
> other than "storm" in secure mode.
> Removing this config allows users to submit topologies as any user in secure
> mode by default. Users can set up impersonation by providing both authorizer
> and the acls in storm.yaml.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
