Dear Wiki user, You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.
The "Hbase/HBaseTokenAuthentication" page has been changed by GaryHelmling. The comment on this change is: Add some details on ZK usage for key distribution. http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication?action=diff&rev1=1&rev2=2 -------------------------------------------------- 1. implement {{{org.apache.hadoop.security.token.SecretManager}}} 1. master will generate a secret key for signing and authenticating tokens a. will need to persist somewhere (zookeeper?) to allow for master restarts and failover + a. the generated secret key will be distributed across all cluster nodes via ZooKeeper + i. ZooKeeper access to keys will be secure by Kerberos authentication (ZOOKEEPER-938) and use of ACLs limiting access to HBase principals - a. will need to distribute generated secret key to RS - i. could be on region checkin/heartbeats, though stack is removing those - i. could be distributed through zookeeper as well 1. add a helper like {{{TableMapReduceUtil.initJob()}}} to use when submitting a new job a. will obtain a new token from master a. add token to Credentials instance @@ -53, +52 @@ ==== Master Secret Key ==== Authentication relies on a secret key generated at runtime on the master and used to generate Authentication Tokens for clients. Tokens will be generated on the master for Kerberos authenticated clients, but token based authentication will need to be allowed on all masters and region servers in a cluster. So the master will need a means to distribute the secret key to other cluster nodes. - The master will also need to write the secret key to persistent storage in order for authentication tokens to survive a cluster restart. + The master will also need to write the secret key to semi-persistent storage in order for authentication tokens to survive a cluster restart. The keys themselves are by nature transient, as the current master key will be periodically rolled to limit exposure to reverse engineering from token secrets. 
The last N keys will be maintained in order to validate existing tokens, using a fixed size queue, with the oldest key dropped on insertion when full. + + ZooKeeper will be used to broadcast master key changes throughout the cluster and to provide key persistence between master restarts or failover. Note that this depends on securing access to the key znodes via Kerberos authentication and ZooKeeper ACLs. Keys will be stored in ZooKeeper, with one znode per key, using the structure: + {{{ + <HBASE_ROOT>/ + secretkey/ + znode(keyID1, serialized DelegationKey1) + znode(keyID2, serialized DelegationKey2) + ... + }}} ==== Implementation ==== 1. Extend {{{org.apache.hadoop.security.token.TokenIdentifier}}} with new HBase type
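Review bot: the first hunk moves the whole secret key onto ZooKeeper, at rest in the ensemble and in transit to every region server, but the line "ZooKeeper access to keys will be secure by Kerberos authentication (ZOOKEEPER-938) and use of ACLs limiting access to HBase principals" covers only the intended configuration; the outline should also state what the master does when SASL authentication to ZooKeeper is unavailable, namely refuse to publish the key rather than write a serialized DelegationKey to an ensemble that cannot enforce principal-based ACLs, because a silent fallback would leave the token signing key readable by any ZooKeeper client. Minor wording: "will be secure by" should read "will be secured by".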
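Review bot: the znode layout in the second hunk (`secretkey/` holding `znode(keyID1, serialized DelegationKey1)`, `znode(keyID2, serialized DelegationKey2)`, ...) does not say which key is the current signing key, nor who removes a key znode when the fixed-size queue drops its oldest entry on insertion; as written, region servers must infer the current key from keyID ordering and the ZooKeeper copy grows without bound across rolls. Suggest stating either a current-key reference znode or a convention that the highest keyID is current, having the master delete the dropped key's znode as part of the roll, and creating the `secretkey` znodes with their restrictive ACL at creation time rather than setting it afterwards so no window exists in which a serialized key sits under a default ACL. The text should also relate the roll interval, N, and the token lifetime, since a token signed with a key already dropped from the queue can no longer be validated.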
