accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Wed, 18 Sep 2013 15:43:52 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770894#comment-13770894
] 

Michael Allen commented on ACCUMULO-1009:
-----------------------------------------

I wanted to +1 Michael's comments above around setting up an independent set of roots for
your cluster.  Getting "real" certificates is a pain in the <insert your favorite body
part here>, especially when you start talking about trying to set up your own sub-root
from which you can cut certificates.  Requiring someone to understand how to do all that and
then set up a bunch of configuration properties on top of it puts up a big barrier to entry.


Having something like Michael's suggested {{bin/accumulo init-ssl}} call do the certificate
generation and configuration for you would be my strongly preferred choice, and would make
setting up secure clusters much much easier.  The work to set up a reasonably secure SSL deployment
is boilerplate, albeit complex boilerplate.  Unless you are extremely keen on handling this
setup yourself, or your company has stringent requirements in this area, having a very easy
to set up SSL configuration is a big boon.

I also agree that being able to quickly test an SSL-enabled mini-cluster is another huge win
for making this code easily testable and maintainable.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message