[ACCUMULO-1300] Allow multiple, prioritized authentication systems - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.5.0
Fix Version/s: None
Component/s: master, tserver
Labels:
None

Description

This continues the work started on ~~ACCUMULO-1024~~, and proposed in detail on that ticket.

The basic idea is that authenticators should be configurable in a priority list, list the way it can be done on Linux, as in:

local > NIS > LDAP > AD

The priority for Accumulo would be:

SystemUserAuthenticator > BuiltInPasswordAuthenticator > UserConfiguredAuthenticator1 > UserConfiguredAuthenticator2 > ...

Attachments

Issue Links

contains

ACCUMULO-1929 Current auth/auth/perm API doesn't well support multiple authentication domains

Resolved

is duplicated by

ACCUMULO-1929 Current auth/auth/perm API doesn't well support multiple authentication domains

Resolved

is related to

ACCUMULO-1024 Deprecate built-in user management utilities

Resolved

ACCUMULO-1319 Remove root username prompt from init

Resolved

ACCUMULO-1165 Use a unique SystemToken (credentials) for each server instance (TServer, etc.)

Open

ACCUMULO-2907 Invalidate "this may not be applicable for your security setup" warning from initialize

Resolved

(1 is related to)

Sub-Tasks

Use a concrete implementation of AuthenticationToken for !SYSTEM user

Resolved

Christopher Tubbs

Allow granting System.GRANT permission

Resolved

Josh Elser

100%

Activity

People

Assignee:: Christopher Tubbs

Reporter:: Christopher Tubbs

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Apr/13 22:22

Updated:: 11/Jun/19 04:28

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m

Include sub-tasks