accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3045) Support AuthenticationToken backed by CredentialProvider
Date Wed, 06 Aug 2014 00:51:12 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14087047#comment-14087047
] 

Josh Elser commented on ACCUMULO-3045:
--------------------------------------

Ahh, yes, I understand you now. If it's not backed by some distributed "means", it's limited
by the local resource. Yes, I agree with you 100%. It'll be interesting to see the types of
implementations that come about (I'm not entirely sure what's in the works yet, myself) but,
given that this is trying to be addressed at the "platform" (hadoop) level, I'm sure that
we'll see some good implementations.

I definitely liked the fact that I had to alter absolutely no security implementation code
and could solely implement this by the creation of a new AuthenticationToken.

I made a writeup in the user manual for ACCUMULO-2464; I could do the same for these changes
(maybe add in a new subsection in the "Writing Clients" section, or similar). Are you looking
for user info, developer info, both? Thoughts?

> Support AuthenticationToken backed by CredentialProvider
> --------------------------------------------------------
>
>                 Key: ACCUMULO-3045
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3045
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.6.1, 1.7.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Along the same lines as ACCUMULO-2464, the MapReduce AuthenticationToken serialization
also has the potential to be stored in a non-secure form. Some of this is mitigated via Base64
the password to remove human-readable-ness, the ability to serialize an AuthenticationToken
to a file, etc.
> Wiring up a CredentialProvider as an AuthenticationToken is another option provided to
us by Hadoop likely to handle tricky security-related concerns for us.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message