Hi all,
A quick question for something that is puzzling me. I can download policies
from then Admin service with no credentials like e.g.:
curl -v http://localhost:6080/service/plugins/policies/download/cl1_hadoop
However, when my kerberized HDFS plugin tries to pull policies down (as the
"hdfs" user), I get an authorization error that the user is not allowed to
download the policies. I have to edit the "cl1_hadoop" configuration and
add the "hdfs" user to the "policy.download.auth.users" property.
Why is this step necessary when I can just download the policies with no
credentials with curl? Are we looking at a security issue here?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
|