Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
Accumulo >> mail # dev >> SecAdmin


+
John Vines 2012-07-02, 20:46
+
Adam Fuchs 2012-07-06, 14:23
Depending on what kind of interfaces you want to support, you could
use something similar to CAS. A Ruby implementation can be found at
http://code.google.com/p/rubycas-server/ .

On Fri, Jul 6, 2012 at 10:23 AM, Adam Fuchs <[EMAIL PROTECTED]> wrote:
> One thought I had on this is that once we make authorization and
> authentication pluggable, all of these concerns can be offloaded to
> whatever system implements the back-end. The basic authentication and
> authorization that we provide out of the box does not necessarily need to
> have the most advanced configuration features. Perhaps we should keep it
> simple, like it is now? Is there another project onto which we can heap
> these requirements?
>
> Adam
>
>
> On Mon, Jul 2, 2012 at 4:46 PM, John Vines <[EMAIL PROTECTED]> wrote:
>
>> One point that has been brought to my attention is that the administration
>> of users and their authorizations brings difficulties to development. There
>> are situations where you trust a user to create users, modify their
>> privileges, and drop users, but not to manage a users authorizations.
>> After talking to someone, the idea of a Secadmin was brought to my
>> attention. We should split the administration space into two areas. The
>> Grant privilege is still the root for granting Secadmin and for modifying
>> authorizations. Secadmin should be the necessary privilege for managing
>> users besides their authorizations. This allows a user who's trust enough
>> to create users but not trusted enough to grant access to the various
>> levels of data.
>>
>> I'm opening up this as a discussion for dev to hear the communities
>> thoughts and hash out details prior to ticket creation. Ideally these
>> changes will get rolled into my branch for ACCUMULO-259, to be implemented
>> in Accumulo 1.5.
>>
>> John
>>
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB