[ https://issues.apache.org/jira/browse/HADOOP-10448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14011783#comment-14011783 ]
Arpit Agarwal commented on HADOOP-10448:
----------------------------------------
Hi [~benoyantony],
During {{ImpersonationProvider}} initialization:
{code}
public static void authorize(UserGroupInformation user,
    String remoteAddress) throws AuthorizationException {
  if (sip == null) {
    refreshSuperUserGroupsConfiguration();
  }
{code}
and in {{refreshSuperUserGroupsConfiguration}}
{code}
public static void refreshSuperUserGroupsConfiguration(Configuration conf) {
  sip = getInstance(conf);
  ...
{code}
So the first few calls could be serviced by different {{ImpersonationProvider}}
objects.
Is this acceptable behavior? It should be documented if so.
> Support pluggable mechanism to specify proxy user settings
> ----------------------------------------------------------
>
> Key: HADOOP-10448
> URL: https://issues.apache.org/jira/browse/HADOOP-10448
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 2.3.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10448.patch, HADOOP-10448.patch,
> HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
> HADOOP-10448.patch, HADOOP-10448.patch, HADOOP-10448.patch,
> HADOOP-10448.patch, HADOOP-10448.patch
>
>
> We have a requirement to support a large number of superusers (users who
> impersonate another user).
> (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html)
> Currently each superuser needs to be defined in the core-site.xml via
> proxyuser settings. This will be cumbersome when there are 1000 entries.
> It seems useful to have a pluggable mechanism to specify proxy user settings
> with the current approach as the default.
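The unsynchronized null check the comment points at, reduced to a standalone Java sketch and shown beside one way to publish a single instance. This is an added example, not Hadoop code or the patch under review; `Provider`, `getRacy`, `getSafe` and `distinctInstances` are hypothetical names standing in for the provider and its lazy initialization.

```java
import java.util.Set;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;

public class LazyProviderInitDemo {
    /** Hypothetical stand-in for an ImpersonationProvider; compared by identity. */
    static final class Provider {}

    static volatile Provider racy;
    static Provider getRacy() {
        if (racy == null) {          // several threads can pass this check together
            racy = new Provider();   // each of them then installs its own instance
        }
        return racy;
    }

    static final AtomicReference<Provider> safe = new AtomicReference<>();
    static Provider getSafe() {
        Provider p = safe.get();
        if (p == null) {
            safe.compareAndSet(null, new Provider()); // only the first CAS wins
            p = safe.get();                           // losers pick up the winner
        }
        return p;
    }

    /** Releases all callers at once and counts the distinct instances they were served by. */
    static int distinctInstances(Supplier<Provider> getter, int threads) throws InterruptedException {
        Set<Provider> seen = ConcurrentHashMap.newKeySet();
        CountDownLatch start = new CountDownLatch(1);
        Thread[] workers = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            workers[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                seen.add(getter.get());
            });
            workers[i].start();
        }
        start.countDown();
        for (Thread t : workers) t.join();
        return seen.size();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsynchronized:  " + distinctInstances(LazyProviderInitDemo::getRacy, 64));
        System.out.println("compare-and-set: " + distinctInstances(LazyProviderInitDemo::getSafe, 64));
    }
}
```

The unsynchronized count depends on thread scheduling and can differ between runs, while the compare-and-set getter hands every caller the same instance.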