accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3045) Support AuthenticationToken backed by CredentialProvider
Date Tue, 05 Aug 2014 20:57:15 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086745#comment-14086745
] 

Josh Elser commented on ACCUMULO-3045:
--------------------------------------

bq. I noticed you had a few methods in the commit that overrode the super class, but simply
called super.method() (in particular, write() and readFields()). Is there some reason these
don't just inherit from the parent class?

Ah, some cruft I could've cleaned up. I had thought I needed some extra members and, thus,
had to add to the serialization, but ended up not needing to. I'll clean those up.

bq. I'm a bit confused on the intent

Ultimately the intent is to be able to use a CredentialProvider to authenticate against Accumulo.
I'm not entirely positive what you mean about client side or server side, but I *think* the
intent is server-side. The desired intent is to be able to seamlessly authenticate with Accumulo
using a CredentialProvider (using the shell, a mapreduce job, really anything using a Connector).
In practice, it comes off as very similar to what exists for presently for providing passwords
to the shell from a file or an environment variable. Does that help?

> Support AuthenticationToken backed by CredentialProvider
> --------------------------------------------------------
>
>                 Key: ACCUMULO-3045
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3045
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.6.1, 1.7.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Along the same lines as ACCUMULO-2464, the MapReduce AuthenticationToken serialization
also has the potential to be stored in a non-secure form. Some of this is mitigated via Base64
the password to remove human-readable-ness, the ability to serialize an AuthenticationToken
to a file, etc.
> Wiring up a CredentialProvider as an AuthenticationToken is another option provided to
us by Hadoop likely to handle tricky security-related concerns for us.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message