[FLUME-2631] End to End authentication in Flume - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.6.0
Component/s: Sinks+Sources
Labels:
None

Description

1. The idea is to enable authentication primarily by using SASL/GSSAPI/Kerberos with Thrift RPC. [Thrift already has support for SASL api that supports kerberos, so implementing right now for Thrift. For Avro RPC kerberos support, Avro needs to support SASL first for its Netty Server, before we can use it in flume]

2. Authentication will happen hop to hop[Client to source, intermediate sources to sinks, final sink to destination].

3. As per the initial model, the user principals won’t be carried forward. The flume client[ThriftRpcClient] will authenticate itself to the KDC. All the intermediate agents [Thrift Sources/Sinks] will authenticate as principal ‘flume’ (typically, but this can be any valid principal that KDC can autenticate) to each other and the final agent will authenticate to the destination as the principal it wishes to identify to the destination

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FLUME-2631.patch
24/Feb/15 03:46
44 kB
Johny Rufus
FLUME-2631-1.patch
27/Feb/15 22:21
80 kB
Johny Rufus
FLUME-2631-2.patch
05/Mar/15 04:59
99 kB
Johny Rufus
FLUME-2631-5.patch
06/Mar/15 01:30
106 kB
Johny Rufus
FLUME-2631-7.patch
06/Mar/15 06:25
106 kB
Johny Rufus

Activity

People

Assignee:: Johny Rufus

Reporter:: Johny Rufus

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 23/Feb/15 18:32

Updated:: 01/Apr/15 22:30

Resolved:: 06/Mar/15 07:20