[
https://issues.apache.org/jira/browse/ACCUMULO-4135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15135645#comment-15135645
]
ASF GitHub Bot commented on ACCUMULO-4135:
------------------------------------------
Github user joshelser commented on the pull request:
https://github.com/apache/accumulo/pull/67#issuecomment-180708585
This is what I was thinking about. Old tests appear to pass, as do the new
variants.
I need to update the user manual, though, to reflect the new configuration
means. Old properties are still there too (for backwards compat), but, moving
forward, we should try to have people use these new properties.
> Change Kerberos impersonation configuration keys
> ------------------------------------------------
>
> Key: ACCUMULO-4135
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4135
> Project: Accumulo
> Issue Type: Bug
> Components: core
> Affects Versions: 1.7.0
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Blocker
> Fix For: 1.7.1, 1.8.0
>
>
> For the user impersonation support with Kerberos, we need to be able to
> represent the following:
> For userA, what other users may userA "act" as and from what host(s) may
> userA do this from.
> This was represented as the following in accumulo-site.xml:
> * {{<prefix>.userA.users}}=user1,user2,user3...
> * {{<prefix>.userA.hosts}}=fqdn1,fqdn2,fqdn3...
> Because we're dealing with Kerberos, "userA" is actually something like
> "primary/instance@REALM".
> I've recently found out that Ambari doesn't like this and apparently it would
> be prohibitively difficult to change it there (urlencode, what?). I'll add
> some new configuration properties here that change the structure so that
> there are options for users to configure this through all deployment
> mechanisms.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
