duongkame commented on code in PR #4597:
URL: https://github.com/apache/ozone/pull/4597#discussion_r1185457205


##########
hadoop-hdds/common/src/main/resources/ozone-default.xml:
##########
@@ -2457,6 +2457,24 @@
       client scm container protocol.
     </description>
   </property>
+  <property>
+    <name>hdds.security.client.scm.secretkey.om.protocol.acl</name>
+    <value>*</value>
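
Review bot: the `<value>*</value>` default on `hdds.security.client.scm.secretkey.om.protocol.acl` is a wildcard, so at the service-level ACL layer this entry admits every user to a protocol whose name says it carries secret keys. If the wildcard has to stay as the default, the property's `<description>` should state that the ACL alone does not limit callers to the OM, and that operators can replace `*` with the OM service user to narrow it.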

Review Comment:
   The default rule to enforce only the configured OM principal is enforced by:
   ```
   @KerberosInfo(
       serverPrincipal = HDDS_SCM_KERBEROS_PRINCIPAL_KEY,
       // TODO: move OMConfigKeys.OZONE_OM_KERBEROS_PRINCIPAL_KEY to hdds-common.
       clientPrincipal = "ozone.om.kerberos.principal"
   )
   public interface SCMSecretKeyProtocolOmPB extends....
   ```
   
   This ACL allows the admin user to add a concrete user name to the ACL list. We can't pass a config key ("ozone.om.kerberos.principal") to this ACL.
   Furthermore, it's a framework standard setup. I may not need it, but can't omit it.


