Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AAA98971A for ; Fri, 16 Dec 2011 17:31:00 +0000 (UTC) Received: (qmail 18905 invoked by uid 500); 16 Dec 2011 17:31:00 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 18876 invoked by uid 500); 16 Dec 2011 17:31:00 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 18868 invoked by uid 99); 16 Dec 2011 17:31:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Dec 2011 17:31:00 +0000 X-ASF-Spam-Status: No, hits=-2001.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Dec 2011 17:30:52 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 5068D117B26 for ; Fri, 16 Dec 2011 17:30:31 +0000 (UTC) Date: Fri, 16 Dec 2011 17:30:31 +0000 (UTC) From: "Alejandro Abdelnur (Commented) (JIRA)" To: issues@hbase.apache.org Message-ID: <64002353.20047.1324056631342.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <959572798.18664.1324023030896.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HBASE-5050) [rest] SPNEGO-based authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-5050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13171086#comment-13171086 ] Alejandro Abdelnur commented on HBASE-5050: ------------------------------------------- Hadoop 0.23 onwards has a hadoop-auth artifact that provides SPNEGO/Kerberos authentication for webapps via a filter. You should consider using it. You don't have to move Hbase to 0.23 for that, just consume the hadoop-auth artifact, which has no dependencies on the rest of Hadoop 0.23 artifacts. > [rest] SPNEGO-based authentication > ---------------------------------- > > Key: HBASE-5050 > URL: https://issues.apache.org/jira/browse/HBASE-5050 > Project: HBase > Issue Type: Improvement > Components: rest, security > Reporter: Andrew Purtell > > Currently the REST gateway can authenticate to a HBase cluster using a preconfigured principal. This provides a limited form of secure operation where one or more gateways can be deployed with distinct principals granting appropriate levels of privilege, but the service ports must be protected through network ACLs. This is at best a stopgap. > SPNEGO is the standard mechanism for Kerberos authentication over HTTP. Enhance the REST gateway such that it provides this option, and issues requests to the HBase cluster with the established context. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira