Repository: incubator-atlas
Updated Branches:
  refs/heads/master 238ca11cd -> 91ad0218f
ATLAS-350 Document jaas config details for atlas (tbeerbower via shwethags) Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/91ad0218 Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/91ad0218 Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/91ad0218 Branch: refs/heads/master Commit: 91ad0218f4ad1babe26d2024861002a4f352c27e Parents: 238ca11 Author: Shwetha GS <[email protected]> Authored: Wed Dec 2 11:02:54 2015 +0530 Committer: Shwetha GS <[email protected]> Committed: Wed Dec 2 11:02:54 2015 +0530 ---------------------------------------------------------------------- docs/src/site/twiki/security.twiki | 21 +++++++++++++++++++++ release-log.txt | 1 + 2 files changed, 22 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/91ad0218/docs/src/site/twiki/security.twiki ---------------------------------------------------------------------- diff --git a/docs/src/site/twiki/security.twiki b/docs/src/site/twiki/security.twiki index 84b19ad..e360004 100755 --- a/docs/src/site/twiki/security.twiki +++ b/docs/src/site/twiki/security.twiki 
@@ -44,6 +44,27 @@ The properties for configuring service authentication are: Note that when Atlas is configured with HBase as the storage backend in a secure cluster, the graph db (titan) needs sufficient user permissions to be able to create and access an HBase table. To grant the appropriate permissions see [[Configuration][Graph persistence engine - Hbase]]. +---+++ JAAS configuration + +When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate. + + * Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf). + +<verbatim> + Client { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + useTicketCache=false + storeKey=true + doNotPrompt=false + keyTab="<atlas keytab>" + principal="<atlas principal>"; + }; +</verbatim> + + * Update Atlas METADATA_OPTS to include âjava.security.auth.login.configâ set to the above Atlas JAAS configuration file. + * For example, <code>-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf</code> + ---+++ SPNEGO-based HTTP Authentication HTTP access to the Atlas platform can be secured by enabling the platform's SPNEGO support. There are currently two supported authentication mechanisms: http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/91ad0218/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 6413c21..6d4873b 100644 --- a/release-log.txt +++ b/release-log.txt 
@@ -9,6 +9,7 @@ ATLAS-54 Rename configs in hive hook (shwethags) ATLAS-3 Mixed Index creation fails with Date types (sumasai via shwethags) ALL CHANGES: +ATLAS-350 Document jaas config details for atlas (tbeerbower via shwethags) ATLAS-344 Document HBase permissions for secure cluster (tbeerbower via shwethags) ATLAS-335 Kerberized cluster: Atlas fails to come up with hbase as backend (sumasai via shwethags) ATLAS-333 atlas_stop.py â script must delete âatlas.pidâ file (ndjouhr via sumasai)
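Review bot: In the docs/src/site/twiki/security.twiki hunk, the Client block sets doNotPrompt=false together with useKeyTab=true and useTicketCache=false, so when the keytab is missing or unreadable Krb5LoginModule falls back to requesting a password through a callback, which an unattended Atlas server has no way to answer. Suggest doNotPrompt=true so a bad keytab fails the login immediately with a clear error. The new section would also benefit from one sentence stating that the file named in keyTab="<atlas keytab>" should be readable only by the account Atlas runs as, since nothing in the added text covers its permissions. Minor: the METADATA_OPTS bullet wraps java.security.auth.login.config in non-ASCII quote characters (they arrive garbled in this mail); marking it up with <code> as the example bullet beneath it does would keep the property name copyable.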
