Yusako, this is very helpful! This is exactly what I was looking for. By the way, is there any documentation about the API somewhere? So far I just I just know about the http://localhost:8080/api/v1/users and http://localhost:8080/api/v1/ <http://localhost:8080/api/v1/users/>clusters. Attempting to access http://localhost:8080/api/v<http://localhost:8080/api/v1/users/>1 gives a 404.
On Wed, Mar 5, 2014 at 1:41 PM, Yusaku Sako <[email protected]> wrote: > Hi Alex, > > > Do you mean that admin users CAN change passwords through the API in > configs.sh? > > No, admins cannot change user passwords via configs.sh; configs.sh is a > wrapper that uses the API to manage "configuration" objects that do not > deal with user passwords. > However, admins can change passwords directly via the API (or with a > similar wrapper script). > Here's an example: > > curl -i -uadmin:admin -H "X-Requested-By: ambari" -X PUT -d > '{"Users":{"roles":"admin,user","password":"mysecret","old_password":"admin"}}' > http://localhost:8080/api/v1/users/<user-name> > > where: > * "roles" is a comma-delimited list of roles that the user should belong > to "admin,user" for admin users; just "user" for non-admin users. > * "password" is the new password to set for the user > * "old_password" is misleading, but* it's the password of the admin user > invoking this call*. If you omit this parameter, the API call seems to > go thru, but the password does not actually change. This is a bit > redundant and confusing, but that's how it works today... > > I hope this helps! > > Yusaku > > > > On Wed, Mar 5, 2014 at 8:20 AM, Alex Nastetsky <[email protected]>wrote: > >> Thanks Yusaku, >> >> Do you mean that admin users CAN change passwords through the API in >> configs.sh? I couldn't find how to do that. None of the CONFIG_TYPE values >> seem relevant, they all deal directly with other Hadoop services. >> >> I'm talking about this: >> >> <CONFIG_TYPE>: One of the various configuration types in Ambari. >> Ex:global, core-site, hdfs-site, mapred-queue-acls, etc. >> >> >> >> On Wed, Mar 5, 2014 at 11:11 AM, Yusaku Sako <[email protected]>wrote: >> >>> Hi Alex, >>> >>> Ambari can be configured to use a built-in local user store (default) or >>> an external LDAP server (including ActiveDirectory), which can be managed >>> outside of Ambari. >>> Unfortunately the built-in user store is a bit simplistic in that only >>> Admins can change the password on behalf of the non-admin user as you >>> mentioned. The API currently prevents non-admin users from invoking any >>> write operations, including changing their own password, so there is not a >>> good way to do this via the API for now. >>> >>> Yusaku >>> On Mar 5, 2014 7:49 AM, "Alex Nastetsky" <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> I keep getting spam errors when I send emails to this list. This is my >>>> attempt to circumvent that by putting my message content in a pastebin: >>>> >>>> http://pastebin.com/raw.php?i=K03dwytn >>>> >>>> Thanks. >>>> >>> >>> CONFIDENTIALITY NOTICE >>> NOTICE: This message is intended for the use of the individual or entity >>> to which it is addressed and may contain information that is confidential, >>> privileged and exempt from disclosure under applicable law. If the reader >>> of this message is not the intended recipient, you are hereby notified that >>> any printing, copying, dissemination, distribution, disclosure or >>> forwarding of this communication is strictly prohibited. If you have >>> received this communication in error, please contact the sender immediately >>> and delete it from your system. Thank You. >> >> >> > > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity > to which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You. >
