Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-2631

End to End authentication in Flume

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.6.0
    • Sinks+Sources
    • None

    Description

      1. The idea is to enable authentication primarily by using SASL/GSSAPI/Kerberos with Thrift RPC. [Thrift already has support for SASL api that supports kerberos, so implementing right now for Thrift. For Avro RPC kerberos support, Avro needs to support SASL first for its Netty Server, before we can use it in flume]

      2. Authentication will happen hop to hop[Client to source, intermediate sources to sinks, final sink to destination].

      3. As per the initial model, the user principals won’t be carried forward. The flume client[ThriftRpcClient] will authenticate itself to the KDC. All the intermediate agents [Thrift Sources/Sinks] will authenticate as principal ‘flume’ (typically, but this can be any valid principal that KDC can autenticate) to each other and the final agent will authenticate to the destination as the principal it wishes to identify to the destination

      Attachments

        1. FLUME-2631.patch
          44 kB
          Johny Rufus
        2. FLUME-2631-1.patch
          80 kB
          Johny Rufus
        3. FLUME-2631-2.patch
          99 kB
          Johny Rufus
        4. FLUME-2631-5.patch
          106 kB
          Johny Rufus
        5. FLUME-2631-7.patch
          106 kB
          Johny Rufus

        Activity

          People

            jrufus Johny Rufus
            jrufus Johny Rufus
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: