hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HBASE-3615) Implement token based DIGEST-MD5 authentication for MapReduce tasks
Date Mon, 14 Mar 2011 17:58:29 GMT

    [ https://issues.apache.org/jira/browse/HBASE-3615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006535#comment-13006535
] 

Todd Lipcon commented on HBASE-3615:
------------------------------------

Looks pretty good to me. One question - how are we going to get the build to work? For most
of the security stuff we've been able to use reflection, but since we need to add annotations
to our RPC protocols, it might get kind of messy. Do we have to have a long running branch?
:(

> Implement token based DIGEST-MD5 authentication for MapReduce tasks
> -------------------------------------------------------------------
>
>                 Key: HBASE-3615
>                 URL: https://issues.apache.org/jira/browse/HBASE-3615
>             Project: HBase
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 0.92.0
>
>
> HBase security currently supports Kerberos authentication for clients, but this isn't
sufficient for map-reduce interoperability, where tasks execute without Kerberos credentials.
 In order to fully interoperate with map-reduce clients, we will need to provide our own token
authentication mechanism, mirroring the Hadoop token authentication mechanisms.  This will
require obtaining an HBase authentication token for the user when the job is submitted, serializing
it to a secure location, and then, at task execution, having the client or task code de-serialize
the stored authentication token and use that in the HBase client authentication process.
> A detailed implementation proposal is sketched out on the wiki:
> http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message