-Re: Change in 'accumulo init' behavior
John Vines 2013-02-02, 20:10
Keep in mind that not all users will be using a user management system
outside of the existing one. Last thing we want to do is to make first time
users jump through even more hoops to get started. The basic zookeeper
based system is still quite functional, and I really don't see us moving
away from it. Both from a quick start sense as well as from a simplicity
standpoint as I see the more common use case being externalized
authentication and continued use of the zookeeper authorization and
permission handling. Now, if the future, perhaps it would be ideal to
create a separate management interface for it. But there still maintains
the possibility that other implementations can harness some of the user
management interfaces as well. I prefer to keep them in and then it's up to
the implementions to utilize or throw an UnsupportedOperation error code.
On Sat, Feb 2, 2013 at 12:19 AM, Christopher <[EMAIL PROTECTED]> wrote:
> David, John-
> This is a good point. I think it'd be better to retain the previous
> behavior, for backwards compatibility, or eliminate all these prompts
> entirely (my preference is the latter). If I may speak about the original
> design of the user management functionality, the whole point of a "root"
> user in the first place was to provide a basis for managing other users.
> However, this role is obsoleted by any pluggable authentication mechanism,
> because those alternate implementations may have drastically different user
> management capabilities, and the root user is no longer required.
> A large part of my overall criticism of the new authentication model is
> this intermingling of pluggable authentication mechanisms with Accumulo's
> former API for user management. I find it difficult to get behind a
> pluggable authentication system that still tightly coupled to the built-in
> user management functionality (except where needed for backwards
> compatibility with the user/password)... mainly, because I thought the
> whole point of pluggable authentication (or at least, the best argument for
> it) was to unlink these, and allow user- and authorization-management
> external to Accumulo.
> Christopher L Tubbs II
> On Fri, Feb 1, 2013 at 11:50 PM, John Vines <[EMAIL PROTECTED]> wrote:
>> Yes, this has changed in trunk to support the pluggable authentication
>> Sent from my phone, please pardon the typos and brevity.
>> On Feb 1, 2013 11:36 PM, "David Medinets" <[EMAIL PROTECTED]>
>> > The following command used to work:
>> > su accumulo -c "/usr/local/accumulo/bin/accumulo init
>> > --clear-instance-name --instance-name instance --password secret"
>> > but now it is asking for a name:
>> > Enter name for initial root user ( root):
>> > I can easily update my script to use --username but wanted to point
>> > out this behaviour change.