Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-8660 [rest] support secure REST access
  3. HBASE-5050

[rest] SPNEGO-based authentication

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.98.0, 0.95.1
    • REST, security
    • None
    • Reviewed
    • Hide
      A new configuration "hbase.rest.authentication" is added to enable authentication. Currently, only "kerberos" is supported. You also need to specify the SPNEGO principal with configuration "hbase.rest.kerberos.spnego.principal". The keytab configured with "hbase.rest.keytab.file" should have a key for this SPNEGO principal besides the REST server principal.
      Show
      A new configuration "hbase.rest.authentication" is added to enable authentication. Currently, only "kerberos" is supported. You also need to specify the SPNEGO principal with configuration "hbase.rest.kerberos.spnego.principal". The keytab configured with "hbase.rest.keytab.file" should have a key for this SPNEGO principal besides the REST server principal.

    Description

      Currently the REST gateway can authenticate to a HBase cluster using a preconfigured principal. This provides a limited form of secure operation where one or more gateways can be deployed with distinct principals granting appropriate levels of privilege, but the service ports must be protected through network ACLs. This is at best a stopgap.

      SPNEGO is the standard mechanism for Kerberos authentication over HTTP. Enhance the REST gateway such that it provides this option, and issues requests to the HBase cluster with the established context.

      Attachments

        1. trunk-5050.patch
          5 kB
          Jimmy Xiang

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. KNOX-8 Support HBase via HBase/Stargate

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-5291 Add Kerberos HTTP SPNEGO authentication support to HBase web consoles

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. HBASE-12168 Document Rest gateway SPNEGO-based authentication for client

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jxiang Jimmy Xiang
              apurtell Andrew Kyle Purtell
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: