accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2815) Kerberos authentication for clients
Date Tue, 13 Jan 2015 19:43:34 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275786#comment-14275786
] 

Josh Elser commented on ACCUMULO-2815:
--------------------------------------

HDFS and ZooKeeper were also configured in "secure" mode. I don't think I could run unsecure
HDFS with secure Accumulo only (although I haven't actually tried). Even if so, doing so doesn't
make any practical sense to me since the benchmark would be wholly contrived as no one would
ever actually do this. If we want to understand the difference in running with the TSASL transport
and the KerberosToken, there would be better ways to isolate these specific components.

That said, all *other* HDFS and ZooKeeper parameters should be equivalent with and w/o Kerberos.

> Kerberos authentication for clients
> -----------------------------------
>
>                 Key: ACCUMULO-2815
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2815
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0
>
>
> We have server authentication via Kerberos, but we don't have a way for clients to connect
to Accumulo using Kerberos.
> HBase context: http://hbase.apache.org/book/security.html#d248e5472
> We'll have to look into how Authorizations and Permissions are assigned to these users
and make sure the ZK-backed security mechanisms can still support this. It would be nice to
not have to make a completely separate auth/permission mechanism when kerberos is being used.
> As far as configuration, I imagine this would be a great fit for the often-proposed client-side
configuration idea.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message