Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.7.0
    • Component/s: None
    • Labels:
      None

      Description

      Not necessarily needed for a first implementation, but, in the end, we should have some sort of authentication mechanism to prevent unwanted 3rd parties from interacting with a slave, injecting "fake replication" data.

        Activity

        Hide
        Josh Elser added a comment -

        First go at this to require some credentials for replication calls. Still insecure over an untrusted wan, that'll be covered by the thrift over ssl portion.

        Show
        Josh Elser added a comment - First go at this to require some credentials for replication calls. Still insecure over an untrusted wan, that'll be covered by the thrift over ssl portion.
        Hide
        ASF subversion and git services added a comment -

        Commit 3605275d0bf747d78f6cf5a56725f1d8af34785c in accumulo's branch refs/heads/ACCUMULO-378 from Josh Elser
        [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=3605275 ]

        ACCUMULO-2587 Fix up the tests to set the user/passwd where required.

        Show
        ASF subversion and git services added a comment - Commit 3605275d0bf747d78f6cf5a56725f1d8af34785c in accumulo's branch refs/heads/ ACCUMULO-378 from Josh Elser [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=3605275 ] ACCUMULO-2587 Fix up the tests to set the user/passwd where required.
        Hide
        ASF subversion and git services added a comment -

        Commit b3ef383d12741229ef7dc11014821225f7fcfcf5 in accumulo's branch refs/heads/ACCUMULO-378 from Josh Elser
        [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=b3ef383 ]

        ACCUMULO-2587 First addition of authentication between replication service and client

        Show
        ASF subversion and git services added a comment - Commit b3ef383d12741229ef7dc11014821225f7fcfcf5 in accumulo's branch refs/heads/ ACCUMULO-378 from Josh Elser [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=b3ef383 ] ACCUMULO-2587 First addition of authentication between replication service and client
        Hide
        Josh Elser added a comment -

        If we're going to send data somewhere, then we need authentication of the slave from the master's perspective.

        That is the intent here, but it is not needed for an initial experimental functionality. Need to make sure the process actually works first.

        Ideally we'd also encrypt the line.

        Yes, I was about to make another to look into applying the same SSL work to this.

        Show
        Josh Elser added a comment - If we're going to send data somewhere, then we need authentication of the slave from the master's perspective. That is the intent here, but it is not needed for an initial experimental functionality. Need to make sure the process actually works first. Ideally we'd also encrypt the line. Yes, I was about to make another to look into applying the same SSL work to this.
        Hide
        John Vines added a comment -

        That makes sense, but should not always be the case. If the data is already encrypted, we should give the users the ability to not pay an unnecessary second encryption penalty

        Show
        John Vines added a comment - That makes sense, but should not always be the case. If the data is already encrypted, we should give the users the ability to not pay an unnecessary second encryption penalty
        Hide
        Sean Busbey added a comment -

        If we're going to send data somewhere, then we need authentication of the slave from the master's perspective. Ideally we'd also encrypt the line.

        Show
        Sean Busbey added a comment - If we're going to send data somewhere, then we need authentication of the slave from the master's perspective. Ideally we'd also encrypt the line.

          People

          • Assignee:
            Josh Elser
            Reporter:
            Josh Elser
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development