Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

comments added into sample JAAS configurations

  • Loading branch information...
commit 1cfd8b5030b6327731e94df8a939f166f4148794 1 parent c729f45
afeng authored
View
11 conf/jaas_digest.conf
@@ -1,8 +1,19 @@
+/* This is example of JAAS Login configuration for digest authentication
+*/
+
+/*
+StormServer section should contain a list of authorized users and their passwords.
+*/
StormServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
user_bob="bobsecret";
+ user_john="johnsecret";
};
+
+/*
+StormClient section contains one user name and his/her password.
+*/
StormClient {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="bob"
View
22 conf/jaas_kerberos_cluster.conf
@@ -1,17 +1,31 @@
+/*
+This is a sample JAAS configuration for Storm servers to handle Kerberos authentication
+*/
+
+/*
+ StormServer section should contains the info about server keytab file and server principal.
+ In Storm, we have 2 thrift servers: Nimbus and DRPC. These servers could be assigned with
+ different principals.
+*/
StormServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
- keyTab="/etc/nimbus_server.keytab"
+ keyTab="/etc/storm_server.keytab"
storeKey=true
useTicketCache=false
- principal="storm_server/carcloth.corp.acme.com@STORM.CORP.ACME.COM";
+ principal="storm_service/carcloth.corp.acme.com@STORM.CORP.ACME.COM";
};
+
+/*
+StormClient section should contains the info about client keytab file and client principal.
+For example, Supervisors are clients of Nimbus, and we should assign keytab/principal for supervisors.
+*/
StormClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
- keyTab="/etc/nimbus_client.keytab"
+ keyTab="/etc/storm_client.keytab"
storeKey=true
useTicketCache=false
- serviceName="storm_server";
+ serviceName="storm_service";
};
View
7 conf/jaas_kerberos_launcher.conf
@@ -1,7 +1,12 @@
+/*
+ This is a sample JAAS configuration for Storm topology launcher/submitter.
+ Since launcher machines are typically accessible by many folks, we
+ encourage you to leverage "kinit", instead of keytab.
+*/
StormClient {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useTicketCache=true
- serviceName="storm_server";
+ serviceName="storm_service";
};
View
2  test/clj/backtype/storm/security/auth/jaas_digest.conf
@@ -1,3 +1,5 @@
+/* This sample file illustrates how Digest authentication should be configured
+*/
StormServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
View
3  test/clj/backtype/storm/security/auth/jaas_digest_bad_password.conf
@@ -1,3 +1,6 @@
+/* This sample file containes incorrect password of a user.
+ We use this file for negative test.
+*/
StormServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
View
3  test/clj/backtype/storm/security/auth/jaas_digest_unknown_user.conf
@@ -1,3 +1,6 @@
+/* This sample file containes an unauthorized user.
+ We use this file for negative test.
+*/
StormServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
Please sign in to comment.
Something went wrong with that request. Please try again.