accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1679930 - /accumulo/site/trunk/content/release_notes/1.7.0.mdtext
Date Mon, 18 May 2015 04:18:57 GMT
Author: elserj
Date: Mon May 18 04:18:56 2015
New Revision: 1679930

ACCUMULO-3737 Docs for kerberos authentication


Modified: accumulo/site/trunk/content/release_notes/1.7.0.mdtext
--- accumulo/site/trunk/content/release_notes/1.7.0.mdtext (original)
+++ accumulo/site/trunk/content/release_notes/1.7.0.mdtext Mon May 18 04:18:56 2015
@@ -20,6 +20,33 @@ Apache Accumulo 1.7.0 is a release that
+### Client Authentication with Kerberos
+Kerberos is far and away the de-facto means provide strong authentication across Hadoop
+and other related components. Kerberos uses requires a centralized key distribution center
+to authentication users who have credentials provided by an administrator. When Hadoop is
+configured for use with Kerberos, all users must provide Kerberos credentials to interact
+with the filesystem, launch YARN jobs, or even view certain web pages.
+While Accumulo has long supported operation on Hadoop with Kerberos enabled, it required
+Accumulo users to still use password-based authentication. [ACCUMULO-2815][ACCUMULO-2815]
+added support to Accumulo to allow Accumulo clients to use a single set of Kerberos
+credentials to interact with Accumulo and all other Hadoop components.
+This authentication leverages the [Simple Authentication and Security Layer (SASL)][SASL]
+and [GSSAPI][GSSAPI] to support Kerberos authentication over the existing Thrift-base
+RPC infrastructure that Accumulo leverages.
+These additions represent a significant forward step for Accumulo, bringing it up to
+speed with the rest of the Hadoop components. This results in a much more cohesive
+security story for Accumulo that resonates with the battle-tested cell-level security
+and authorization module.
+### Data-Center Replication
 ### User Initiated Compaction Strategies
 Per table compaction strategies were added in 1.6.0.  In 1.7.0 the ability to
@@ -177,4 +204,7 @@ and, in HDFS High-Availability instances
\ No newline at end of file
\ No newline at end of file

View raw message