[
https://issues.apache.org/jira/browse/IMPALA-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901263#comment-16901263
]
Alex Rodoni commented on IMPALA-8828:
-------------------------------------
[~twmarshall] Will this require doc updates in impala_delegation.html?
> Support impersonation via http paths
> ------------------------------------
>
> Key: IMPALA-8828
> URL: https://issues.apache.org/jira/browse/IMPALA-8828
> Project: IMPALA
> Issue Type: Improvement
> Components: Clients
> Affects Versions: Impala 3.3.0
> Reporter: Thomas Tauber-Marshall
> Assignee: Thomas Tauber-Marshall
> Priority: Major
> Labels: security
> Fix For: Impala 3.3.0
>
>
> When clients connect over http, we should allow them to perform impersonation
> via the 'doAs' parameter, eg. by specifying a path of the form
> '/?doAs=<username>'
> This is useful for example for Apache Knox, which proxies connections to
> Impala and authenticates as itself via Kerberos but runs queries as other
> users.
> We can leverage the existing support for impersonation, eg. knox would have
> to be included in 'authorized_proxy_user_config' to be able to do the
> impersonation
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
