Impersonate Kerberos user on HDFS
ronnie sahlberg
ronniesahlberg at gmail.com
Thu Apr 11 03:21:02 EDT 2024
On Thu, 11 Apr 2024 at 16:43, Philippe de Rochambeau <phiroc at free.fr> wrote:
>
> Hello,
>
> Let's say a user has the following rights on HDFS (which are constrained Apache Ranger):
>
> /prd/a/b/c <- read right
> /prd/a/b/d <- read/write right
>
> I would like to get a broad picture of his/her complete access rights.
>
> I could look at the general policies in Apache Ranger and try to figure out which apply to my user, but that's complicated.
>
> I wonder if there is another way (which ideally could be automated with a script) roughly:
>
> - impersonate the user as, say, admin, with kinit; e.g. kinit <user>
I don't think this is what is considered "impersonating" the user.
If you authenticate with kinit <user> you are not impersonating that
user, you ARE/BECOME that user.
> - scan all HDFS directories and try to read or write
>
> Does anyone have suggestions?
>
> PS I've asked similar questions on the Apache Ranger mailing list, but with no success.
>
> Many thanks.
>
> Philippe
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list