From: Apache Wiki
To: Apache Wiki
Delivered-To: mailing list common-commits@hadoop.apache.org
Reply-To: common-dev@hadoop.apache.org
Date: Fri, 11 Mar 2011 20:14:55 -0000
Message-ID: <20110311201455.22328.32654@eosnew.apache.org>
Subject: [Hadoop Wiki] Update of "Hbase/HBaseTokenAuthentication" by GaryHelmling

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.
The "Hbase/HBaseTokenAuthentication" page has been changed by GaryHelmling.
The comment on this change is: Add some details on ZK usage for key distribution.
http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication?action=diff&rev1=1&rev2=2

--------------------------------------------------
 1. implement {{{org.apache.hadoop.security.token.SecretManager}}}
 1. master will generate a secret key for signing and authenticating tokens
 a. will need to persist somewhere (zookeeper?) to allow for master restarts and failover
+ a. the generated secret key will be distributed across all cluster nodes via ZooKeeper
+ i. ZooKeeper access to keys will be secure by Kerberos authentication (ZOOKEEPER-938) and use of ACLs limiting access to HBase principals
- a. will need to distribute generated secret key to RS
- i. could be on region checkin/heartbeats, though stack is removing those
- i. could be distributed through zookeeper as well
 1. add a helper like {{{TableMapReduceUtil.initJob()}}} to use when submitting a new job
 a. will obtain a new token from master
 a. add token to Credentials instance
@@ -53, +52 @@
 ==== Master Secret Key ====
 Authentication relies on a secret key generated at runtime on the master and used to generate Authentication Tokens for clients. Tokens will be generated on the master for Kerberos authenticated clients, but token based authentication will need to be allowed on all masters and region servers in a cluster. So the master will need a means to distribute the secret key to other cluster nodes.
 
- The master will also need to write the secret key to persistent storage in order for authentication tokens to survive a cluster restart.
+ The master will also need to write the secret key to semi-persistent storage in order for authentication tokens to survive a cluster restart.
 The keys themselves are by nature transient, as the current master key will be periodically rolled to limit exposure to reverse engineering from token secrets. The last N keys will be maintained in order to validate existing tokens, using a fixed size queue, with the oldest key dropped on insertion when full.
+ 
+ ZooKeeper will be used to broadcast master key changes throughout the cluster and to provide key persistence between master restarts or failover. Note that this depends on securing access to the key znodes via Kerberos authentication and ZooKeeper ACLs. Keys will be stored in ZooKeeper, with one znode per key, using the structure:
+ {{{
+ /
+ secretkey/
+ znode(keyID1, serialized DelegationKey1)
+ znode(keyID2, serialized DelegationKey2)
+ ...
+ }}}
 
 ==== Implementation ====
 1. Extend {{{org.apache.hadoop.security.token.TokenIdentifier}}} with new HBase type
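Review bot: In the first hunk, the parent item still reads "will need to persist somewhere (zookeeper?)" while the added sub-items settle on ZooKeeper for both persistence and distribution; update the parent item so the list no longer contradicts itself, and change "will be secure by Kerberos authentication" to "will be secured by Kerberos authentication". The ACL sub-item should also name the principals it admits: the key stored in ZooKeeper is the one that signs and authenticates tokens, so read access must be limited to the HBase master and region server principals, not to any Kerberos-authenticated ZooKeeper client, and the design should say what the master does if the ZOOKEEPER-938 authentication is not available on the deployed ZooKeeper (refuse to enable token authentication rather than write the key to an unprotected znode).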
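Review bot: In the @@ -53, +52 @@ hunk, the new paragraph keeps the last N keys in a fixed-size queue with the oldest dropped on insertion and stores one znode per key, but it does not say who deletes the znode of a dropped key or how region servers learn of a roll (a watch on the secretkey/ parent is implied but not stated); without that, a region server can keep accepting tokens signed with a key the master has already retired, and stale key znodes accumulate. Suggest adding the deletion and notification steps next to "the oldest key dropped on insertion when full" and giving N and the roll interval a value or a configuration property name. "semi-persistent storage" is also vaguer than the "persistent storage" it replaces; since the next sentence already explains that keys are rolled, "persisted in ZooKeeper for the lifetime of each key" would say the same thing precisely. Finally, the dependency on Kerberos authentication and ZooKeeper ACLs for the key znodes is stated as a note; it belongs as an explicit requirement under Implementation, because a readable secretkey/ znode hands every ZooKeeper reader the material needed to forge valid tokens.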