[jira] [Commented] (ACCUMULO-2907) Invalidate "this may not be applicable for your security setup" warning from initialize

[Josh Elser (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176528#comment-16176528
 ] 

Josh Elser commented on ACCUMULO-2907:
--------------------------------------

bq. it was completely irrelevant given prior comments

Yeah, let me give a brief overview. Authn/Authz are "pluggable" in Accumulo -- 
you can provide your own implementations. For a long time, the only provided 
implementation was a username+password model (where the security information 
was stored securely in ZooKeeper). This meant that there was a strong coupling 
with {{accumulo init}} prompting for a password because the only provided 
mechanism expected a password.

With the introduction of Kerberos for authentication, this is the first 
"community provided" implementation that doesn't rely on a username+password 
authentication scheme (Kerberos has a notion of tickets which are passed 
between client-server). I believe John had a custom implementation which used 
some other tools for authn. Same thing at the end of the day: we have an 
implementation in which the Accumulo "superuser" may not always be called 
"root" nor will "root" always have a password.

There are many ways you could slice this. The easiest I can think of off the 
bat would be to do a check on the configuration to what the authenticator is 
and update the shell as such. A better fix would be adding some method to the 
Authenticator interface which can provide this information to the shell to call 
(e.g. the Shell can ask the Authenticator "do you perform password-based 
authentication"). The latter would take a little bit of time/effort to 
understand.

>  Invalidate "this may not be applicable for your security setup" warning from 
> initialize
> ----------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2907
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2907
>             Project: Accumulo
>          Issue Type: Improvement
>            Reporter: Josh Elser
>            Assignee: Mark Owens
>            Priority: Minor
>              Labels: newbie
>
> The warning that is printed about setting a root password may not be 
> applicable for your security setup is invalid because the plugable 
> authentication modules do not manage the root user and it is expected that 
> there will always be a local root user with a password.
> Remove the warning.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)