[HBASE-3615] Implement token based DIGEST-MD5 authentication for MapReduce tasks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.92.0
Component/s: IPC/RPC, security
Labels:
None

Description

HBase security currently supports Kerberos authentication for clients, but this isn't sufficient for map-reduce interoperability, where tasks execute without Kerberos credentials. In order to fully interoperate with map-reduce clients, we will need to provide our own token authentication mechanism, mirroring the Hadoop token authentication mechanisms. This will require obtaining an HBase authentication token for the user when the job is submitted, serializing it to a secure location, and then, at task execution, having the client or task code de-serialize the stored authentication token and use that in the HBase client authentication process.

A detailed implementation proposal is sketched out on the wiki:
http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-3615.patch
22/Mar/11 19:37
118 kB
Gary Helmling

Issue Links

is depended upon by

HBASE-3025 Coprocessor based simple access control

Closed

is part of

HBASE-2742 Provide strong authentication with a secure RPC engine

Closed

HBASE-1697 Discretionary access control

Closed

Activity

People

Assignee:: Gary Helmling

Reporter:: Gary Helmling

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Mar/11 01:20

Updated:: 20/Nov/15 12:43

Resolved:: 18/Nov/11 08:02