Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-3615

Implement token based DIGEST-MD5 authentication for MapReduce tasks

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.92.0
    • Component/s: IPC/RPC, security
    • Labels:
      None

      Description

      HBase security currently supports Kerberos authentication for clients, but this isn't sufficient for map-reduce interoperability, where tasks execute without Kerberos credentials. In order to fully interoperate with map-reduce clients, we will need to provide our own token authentication mechanism, mirroring the Hadoop token authentication mechanisms. This will require obtaining an HBase authentication token for the user when the job is submitted, serializing it to a secure location, and then, at task execution, having the client or task code de-serialize the stored authentication token and use that in the HBase client authentication process.

      A detailed implementation proposal is sketched out on the wiki:
      http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication

        Attachments

        1. HBASE-3615.patch
          118 kB
          Gary Helmling

          Issue Links

            Activity

              People

              • Assignee:
                ghelmling Gary Helmling
                Reporter:
                ghelmling Gary Helmling
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: