Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-2631

End to End authentication in Flume

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: Sinks+Sources
    • Labels:


      1. The idea is to enable authentication primarily by using SASL/GSSAPI/Kerberos with Thrift RPC. [Thrift already has support for SASL api that supports kerberos, so implementing right now for Thrift. For Avro RPC kerberos support, Avro needs to support SASL first for its Netty Server, before we can use it in flume]

      2. Authentication will happen hop to hop[Client to source, intermediate sources to sinks, final sink to destination].

      3. As per the initial model, the user principals won’t be carried forward. The flume client[ThriftRpcClient] will authenticate itself to the KDC. All the intermediate agents [Thrift Sources/Sinks] will authenticate as principal ‘flume’ (typically, but this can be any valid principal that KDC can autenticate) to each other and the final agent will authenticate to the destination as the principal it wishes to identify to the destination


        1. FLUME-2631.patch
          44 kB
          Johny Rufus
        2. FLUME-2631-1.patch
          80 kB
          Johny Rufus
        3. FLUME-2631-2.patch
          99 kB
          Johny Rufus
        4. FLUME-2631-5.patch
          106 kB
          Johny Rufus
        5. FLUME-2631-7.patch
          106 kB
          Johny Rufus



            • Assignee:
              jrufus Johny Rufus
              jrufus Johny Rufus


              • Created:

                Issue deployment