hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lars Hofhansl (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-4100) Authentication for REST clients
Date Tue, 28 Aug 2012 21:05:07 GMT

    [ https://issues.apache.org/jira/browse/HBASE-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443531#comment-13443531
] 

Lars Hofhansl commented on HBASE-4100:
--------------------------------------

What's the status. Can this still be committed?
                
> Authentication for REST clients
> -------------------------------
>
>                 Key: HBASE-4100
>                 URL: https://issues.apache.org/jira/browse/HBASE-4100
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Gary Helmling
>         Attachments: HBASE-4100.patch
>
>
> Like Thrift, the REST gateway is not currently integrated into the authentication used
for HBase RPC.  Currently this means the REST gateway cannot even be used when HBase security
is active.
> For the REST gateway to be able to interoperate with HBase security:
> # the REST server needs to be able to login from a keytab on startup with its own server
principal
> # REST clients need to be able to authenticate security with the REST server
> # the REST server needs to be able to act as a trusted proxy for the original client
identities, so that the HBase authorization checks can be performed against the original client
request
> Like Thrift, implementing step #1 as a bare minimum would at least allow deploying a
REST server configured to login as the application user on startup.  Even without authenticating
REST clients, this would allow the gateway to work when HBase security is active.
> For step #2, we can make use of SPNEGO to provide Kerberos/GSSAPI authentication of clients
over HTTP.  The Alfredo library from Cloudera would hopefully make this relatively easy to
do:
> http://cloudera.github.com/alfredo/docs/latest/index.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message