falcon-commits mailing list archives

From b...@apache.org
Subject falcon git commit: FALCON-1957 Documentation on credential provider alias for passwords in startup properties
Date Mon, 16 May 2016 22:05:50 GMT
Repository: falcon
Updated Branches:
  refs/heads/master 2eac3ec07 -> a31fa545f

FALCON-1957 Documentation on credential provider alias for passwords in startup properties

Also restructured the overview of Falcon security features.

Author: yzheng-hortonworks <yzheng@hortonworks.com>

Reviewers: "Venkat Ranganathan <venkat@hortonworks.com>, Balu Vellanki <balu@apache.org>"

Closes #142 from yzheng-hortonworks/FALCON-1957

Project: http://git-wip-us.apache.org/repos/asf/falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/a31fa545
Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/a31fa545
Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/a31fa545

Branch: refs/heads/master
Commit: a31fa545f9bf9a9266de685da1d6047affeb366f
Parents: 2eac3ec
Author: yzheng-hortonworks <yzheng@hortonworks.com>
Authored: Mon May 16 15:05:45 2016 -0700
Committer: bvellanki <bvellanki@hortonworks.com>
Committed: Mon May 16 15:05:45 2016 -0700

 docs/src/site/twiki/Security.twiki | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/docs/src/site/twiki/Security.twiki b/docs/src/site/twiki/Security.twiki
index 8955bdc..b17650c 100644
--- a/docs/src/site/twiki/Security.twiki
+++ b/docs/src/site/twiki/Security.twiki
@@ -2,8 +2,30 @@
 ---++ Overview
-Apache Falcon enforces authentication and authorization which are detailed below. Falcon
-provides transport level security ensuring data confidentiality and integrity.
+Apache Falcon provides the following security features:
+   * Support credential provider alias for passwords used in Falcon server.
+   * Support authentication to identify proper users.
+   * Support authorization to specify resource access permission for users or groups.
+   * Support SSL to provide transport level security for data confidentiality and integrity.
+---++ Credential Provider Alias for Passwords
+Server-side configuration properties (i.e. startup.properties) contain passwords and other
sensitive information.
+In addition to specifying properties in plain text, we provide the user an option to use
credential provider alias in the property file.
+Take SMTP password for example. The user can store the password in a
credential provider]]
+with the alias name _SMTPPasswordAlias_. In startup.properties where SMTP password is needed,
the user can refer to its
+alias name _SMTPPasswordAlias_ instead of providing the real password.
+The alias property to be resolved through Hadoop credential provider should have the format:
+_credential.provider.alias.for.[property-key]_. For example,
+_credential.provider.alias.for.falcon.email.smtp.password=SMTPPasswordAlias_ for SMTP password.
+Falcon server, during the start, will automatically retrieve the real password provided the
alias name.
+The user can specify the provider path with the property key _credential.provider.path_,
+e.g. _credential.provider.path=jceks://file/tmp/test.jceks_.
+If not specified, Falcon will use the default Hadoop credential provider path in core-site.xml.
 ---++ Authentication (User Identity)
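Review bot: The example in the credential.provider.path line, jceks://file/tmp/test.jceks, places the keystore in /tmp, which is typically world-writable and often cleared on reboot, and documentation examples tend to be copied into real deployments. Suggest an example path in a directory owned by the Falcon service user, plus a sentence saying the keystore file should be readable only by that user. The new section also does not say which value is used when both falcon.email.smtp.password and credential.provider.alias.for.falcon.email.smtp.password are present in startup.properties, or what the server does at startup if the alias cannot be resolved; one sentence on each would help operators. Separately, the "credential provider]]" text closes a TWiki link with no visible opening "[[", so the link markup is worth checking in the rendered page.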
