Return-Path: 
 <issues-return-122999-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 76FBA10DDE
	for <apmail-hbase-issues-archive@www.apache.org>;
 Fri,  8 Nov 2013 22:18:18 +0000 (UTC)
Received: (qmail 55206 invoked by uid 500); 8 Nov 2013 22:18:18 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 55162 invoked by uid 500); 8 Nov 2013 22:18:18 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 55153 invoked by uid 99); 8 Nov 2013 22:18:18 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Nov 2013 22:18:18 +0000
Date: Fri, 8 Nov 2013 22:18:18 +0000 (UTC)
From: "Gary Helmling (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12441875.1259455591561.44694.1383949098160@arcas>
In-Reply-To: <JIRA.12441875.1259455591561@arcas>
References: <JIRA.12441875.1259455591561@arcas>
Subject: [jira] [Commented] (HBASE-2016) [DAC] Authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-2016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817750#comment-13817750 ] 

Gary Helmling commented on HBASE-2016:
--------------------------------------

It would certainly be possible to implement your own proxy, as Andy describes, which would need its own kerberos credentials and would perform its own authentication of clients.  But that doesn't seem like core HBase functionality.  Instead it's putting a proxy in place in order to circumvent security.

I think the direction for HBase will be to support pluggable authentication of clients at the RPC layer, using the same mechanisms under development for Hadoop, but unfortunately that may be some time away.

> [DAC] Authentication
> --------------------
>
>                 Key: HBASE-2016
>                 URL: https://issues.apache.org/jira/browse/HBASE-2016
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Gary Helmling
>
> Follow what Hadoop is doing. Authentication via JAAS: 
>     http://issues.apache.org/jira/browse/HADOOP-6299
>     http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html
> Should support Kerberos, Unix, and LDAP authentication options. 
> Integrate with authentication mechanisms for IPC and HDFS. 



--
This message was sent by Atlassian JIRA
(v6.1#6144)