XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.98.0, 0.95.1
    • REST, security
    • None
    • Reviewed
    • Hide
      A new configuration "hbase.rest.authentication" is added to enable authentication. Currently, only "kerberos" is supported. You also need to specify the SPNEGO principal with configuration "hbase.rest.kerberos.spnego.principal". The keytab configured with "hbase.rest.keytab.file" should have a key for this SPNEGO principal besides the REST server principal.
      Show
      A new configuration "hbase.rest.authentication" is added to enable authentication. Currently, only "kerberos" is supported. You also need to specify the SPNEGO principal with configuration "hbase.rest.kerberos.spnego.principal". The keytab configured with "hbase.rest.keytab.file" should have a key for this SPNEGO principal besides the REST server principal.

    Description

      Currently the REST gateway can authenticate to a HBase cluster using a preconfigured principal. This provides a limited form of secure operation where one or more gateways can be deployed with distinct principals granting appropriate levels of privilege, but the service ports must be protected through network ACLs. This is at best a stopgap.

      SPNEGO is the standard mechanism for Kerberos authentication over HTTP. Enhance the REST gateway such that it provides this option, and issues requests to the HBase cluster with the established context.

      Attachments

        1. trunk-5050.patch
          5 kB
          Jimmy Xiang

        Issue Links

          Activity

            People

              jxiang Jimmy Xiang
              apurtell Andrew Kyle Purtell
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: