Description
We have server authentication via Kerberos, but we don't have a way for clients to connect to Accumulo using Kerberos.
HBase context: http://hbase.apache.org/book/security.html#d248e5472
We'll have to look into how Authorizations and Permissions are assigned to these users and make sure the ZK-backed security mechanisms can still support this. It would be nice to not have to make a completely separate auth/permission mechanism when kerberos is being used.
As far as configuration, I imagine this would be a great fit for the often-proposed client-side configuration idea.
Attachments
Issue Links
- breaks
-
ACCUMULO-3636 Can't view recent traces in monitor with kerberos/sasl enabled
- Resolved
-
ACCUMULO-3639 Base64 not unwrapped when logging error in KerberosAuthenticator
- Resolved
-
ACCUMULO-3874 Wrong username in exception when user doesn't exist
- Resolved
- incorporates
-
ACCUMULO-3454 ZooZap should use server login, not client options
- Resolved
- relates to
-
ACCUMULO-3695 Authentication check for system user incorrect for multiple nodes
- Resolved
-
ACCUMULO-3568 getDiskUsage server implementation recreates Connector from user credentials
- Resolved
-
HIVE-10857 Accumulo storage handler fail throwing java.lang.IllegalArgumentException: Cannot determine SASL mechanism for token class: class org.apache.accumulo.core.client.security.tokens.PasswordToken
- Resolved
-
ACCUMULO-3642 Test failures when local client conf has SASL enabled
- Resolved
-
ACCUMULO-3482 Update bootstrap_config.sh for kerberos changes
- Resolved
- supercedes
-
ACCUMULO-1489 Test Kerberos work with Apache Directory
- Resolved
- links to