Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-2631

End to End authentication in Flume

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: Sinks+Sources
    • Labels:
      None

      Description

      1. The idea is to enable authentication primarily by using SASL/GSSAPI/Kerberos with Thrift RPC. [Thrift already has support for SASL api that supports kerberos, so implementing right now for Thrift. For Avro RPC kerberos support, Avro needs to support SASL first for its Netty Server, before we can use it in flume]

      2. Authentication will happen hop to hop[Client to source, intermediate sources to sinks, final sink to destination].

      3. As per the initial model, the user principals won’t be carried forward. The flume client[ThriftRpcClient] will authenticate itself to the KDC. All the intermediate agents [Thrift Sources/Sinks] will authenticate as principal ‘flume’ (typically, but this can be any valid principal that KDC can autenticate) to each other and the final agent will authenticate to the destination as the principal it wishes to identify to the destination

        Attachments

        1. FLUME-2631.patch
          44 kB
          Johny Rufus
        2. FLUME-2631-1.patch
          80 kB
          Johny Rufus
        3. FLUME-2631-2.patch
          99 kB
          Johny Rufus
        4. FLUME-2631-5.patch
          106 kB
          Johny Rufus
        5. FLUME-2631-7.patch
          106 kB
          Johny Rufus

          Activity

            People

            • Assignee:
              jrufus Johny Rufus
              Reporter:
              jrufus Johny Rufus
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: