[HBASE-14700] Support a "permissive" mode for secure clusters to allow "simple" auth clients - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0, 0.98.16, 2.0.0
Component/s: security
Labels:
None

Release Note:

Hide
Secure HBase now supports a permissive mode to allow mixed secure and insecure clients. This allows clients to be incrementally migrated over to a secure configuration. To enable clients to continue to connect using SIMPLE authentication when the cluster is configured for security, set "hbase.ipc.server.fallback-to-simple-auth-allowed" equal to "true" in hbase-site.xml. NOTE: This setting should ONLY be used as a temporary measure while converting clients over to secure authentication. It MUST BE DISABLED for secure operation.

Show
Secure HBase now supports a permissive mode to allow mixed secure and insecure clients. This allows clients to be incrementally migrated over to a secure configuration. To enable clients to continue to connect using SIMPLE authentication when the cluster is configured for security, set "hbase.ipc.server.fallback-to-simple-auth-allowed" equal to "true" in hbase-site.xml. NOTE: This setting should ONLY be used as a temporary measure while converting clients over to secure authentication. It MUST BE DISABLED for secure operation.

Description

When implementing HBase security for an existing cluster, it can be useful to support mixed secure and insecure clients while all client configurations are migrated over to secure authentication.

We currently have an option to allow secure clients to fallback to simple auth against insecure clusters. By providing an analogous setting for servers, we would allow a phased rollout of security:

First, security can be enabled on the cluster servers, with the "permissive" mode enabled
Clients can be converting to using secure authentication incrementally
The server audit logs allow identification of clients still using simple auth to connect
Finally, when sufficient clients have been converted to secure operation, the server-side "permissive" mode can be removed, allowing completely secure operation.

Obviously with this enabled, there is no effective access control, but this would still be a useful tool to enable a smooth operational rollout of security. Permissive mode would of course be disabled by default. Enabling it should provide a big scary warning in the logs on startup, and possibly be flagged on relevant UIs.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-14700_0.98-addendum.patch
03/Nov/15 20:23
3 kB
Gary Helmling
HBASE-14700_0.98-v1.patch
03/Nov/15 01:54
15 kB
Gary Helmling
HBASE-14700-v3.patch
29/Oct/15 00:53
19 kB
Gary Helmling
HBASE-14700-v2.patch
28/Oct/15 16:58
17 kB
Gary Helmling
HBASE-14700.patch
27/Oct/15 23:11
18 kB
Gary Helmling

Issue Links

is related to

HBASE-14579 Users authenticated with KERBEROS are recorded as being authenticated with SIMPLE

Closed

HBASE-15025 Allow clients configured with insecure fallback to attempt SIMPLE auth when KRB fails

Open

supercedes

HBASE-14579 Users authenticated with KERBEROS are recorded as being authenticated with SIMPLE

Closed

Activity

People

Assignee:: Gary Helmling

Reporter:: Gary Helmling

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: 26/Oct/15 22:59

Updated:: 22/Dec/15 01:49

Resolved:: 03/Nov/15 02:01