[
https://issues.apache.org/jira/browse/AMBARI-19187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Magyar updated AMBARI-19187:
-----------------------------------
Attachment: AMBARI-19187_trunk.patch
AMBARI-19187_branch-2.5.patch
> Disable security hook
> ---------------------
>
> Key: AMBARI-19187
> URL: https://issues.apache.org/jira/browse/AMBARI-19187
> Project: Ambari
> Issue Type: New Feature
> Components: ambari-agent, ambari-server
> Affects Versions: 2.5.0
> Reporter: Attila Magyar
> Assignee: Attila Magyar
> Fix For: 2.5.0
>
> Attachments: AMBARI-19187_branch-2.5.patch, AMBARI-19187_trunk.patch
>
>
> Hadoop components need to establish a secure connection with ZooKeeper when
> Kerberos is enabled. This involves the setup of the correct authentication
> (JAAS config file) and authorization (per-component Kerberos-backed ACLs on
> the znodes) between the service and ZooKeeper. Most services are able to set
> these ACLs based on their config when the user enable kerberos.
> When we disable kerberos again, the sasl ACL should be removed otherwise the
> services won't be able to access their znodes.
> This issue is about introducing a new command (DISABLE_SECURITY) that will be
> sent by the ambari server to the services upon the dekerberiztion process.
> When a service receives this command it will be able to do the zookeeper
> secure to unsecure migration process (e.g. removing sasl ACLs).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
