trafodion-codereview mailing list archives

From DaveBirdsall <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request #558: TRAFODION [2056] Update installation ...
Date Mon, 27 Jun 2016 17:05:16 GMT
Github user DaveBirdsall commented on a diff in the pull request:

    https://github.com/apache/incubator-trafodion/pull/558#discussion_r68615492
  
    --- Diff: docs/provisioning_guide/src/asciidoc/_chapters/enable_security.adoc ---
    @@ -489,3 +481,46 @@ Each LDAP connection configuration section must provide at least
one unique iden
     | 11     | At least one LDAP connection configuration section must be specified.
     | 12     | Internal error parsing `.traf_authentication_config`.
     |===
    +
    +[[enable-security-manage-users]]
    +== Manage Users
    +Kerberos is enabled for installations that require a secure Hadoop environment.  LDAP
is enabled to enforce authentication for any 
    +user connecting to {project-name}.  The {project-name} database enforces privileges on
the database, database schemas, database 
    +objects (table, views, etc) and database operations.  Privileges are enforced when authorization
is enabled.  When LDAP or Kerberos 
    +is enabled, authorization is automatically enabled.  
    +
    +To determine the status of authentication and authorization, bring up sqlci and perform
"env;". 
    +
    +```
    +>>env;
    +----------------------------------
    +Current Environment
    +----------------------------------
    +AUTHENTICATION     enabled
    +AUTHORIZATION      enabled
    +CURRENT DIRECTORY  /.../incubator-trafodion/install/installer
    +LIST_COUNT         4294967295
    +LOG FILE
    +MESSAGEFILE        /.../incubator-trafodion/core/sqf/export/ ...
    +MESSAGEFILE LANG   US English
    +MESSAGEFILE VRSN   {2016-06-14 22:27 LINUX:host/user} 
    +SQL CATALOG        TRAFODION
    +SQL SCHEMA         SCH
    +SQL USER CONNECTED user not connected
    +SQL USER DB NAME   SQLUSER1
    +SQL USER ID        33367
    +TERMINAL CHARSET   ISO88591
    +TRANSACTION ID     
    +TRANSACTION STATE  not in progress
    +WARNINGS           on
    +```
    +
    +Once authorization is enabled, there is one predefined database user called DB__ROOT
associated with your specified LDAP username.
    +Please connect to the database and this user and register users that will perform database
admin management. The database
    +admin can then connect and setup required users, roles, and privileges.
    +
    +TBD - add pointer to the security best practices guide.
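Review bot: the last added line, "TBD - add pointer to the security best practices guide.", is an author placeholder that will render as body text at the end of the Manage Users section; replace it with the actual cross-reference, or drop it and track the pointer outside the guide before this merges. In the paragraph just above it, "connect to the database and this user" reads as though "as this user" was intended, and "setup required users" should use the verb "set up". The `env;` sample would also be easier to follow if the text named the two lines the reader is meant to check (AUTHENTICATION and AUTHORIZATION), since the rest of the output is unrelated to the security status.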
    --- End diff --
    
    Unfinished work?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
