[
https://issues.apache.org/jira/browse/FLUME-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14350281#comment-14350281
]
Hudson commented on FLUME-2631:
-------------------------------
FAILURE: Integrated in flume-trunk #719 (See
[https://builds.apache.org/job/flume-trunk/719/])
FLUME-2631. End to End authentication in Flume (hshreedharan:
http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=542b1695033d330eb00ae81713fdc838b88332b6)
* flume-ng-core/src/main/java/org/apache/flume/source/ThriftSource.java
*
flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java
* flume-ng-auth/src/main/java/org/apache/flume/api/SecureRpcClientFactory.java
* flume-ng-auth/src/test/java/org/apache/flume/auth/TestFlumeAuthenticator.java
* flume-ng-auth/pom.xml
* flume-ng-auth/src/main/java/org/apache/flume/auth/FlumeAuthenticator.java
* flume-ng-auth/src/main/java/org/apache/flume/auth/FlumeAuthenticationUtil.java
*
flume-ng-sinks/flume-dataset-sink/src/test/java/org/apache/flume/sink/kite/TestKerberosUtil.java
* pom.xml
* flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java
* flume-ng-dist/pom.xml
*
flume-ng-sinks/flume-hdfs-sink/src/main/java/org/apache/flume/sink/hdfs/HDFSEventSink.java
*
flume-ng-sinks/flume-dataset-sink/src/main/java/org/apache/flume/sink/kite/KerberosUtil.java
*
flume-ng-sinks/flume-hdfs-sink/src/main/java/org/apache/flume/sink/hdfs/BucketWriter.java
*
flume-ng-sinks/flume-ng-hbase-sink/src/main/java/org/apache/flume/sink/hbase/HBaseSinkSecurityManager.java
* flume-ng-dist/src/main/assembly/bin.xml
*
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestBucketWriter.java
* flume-ng-auth/src/main/java/org/apache/flume/auth/UGIExecutor.java
*
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSink.java
* flume-ng-core/pom.xml
* flume-ng-auth/src/main/java/org/apache/flume/auth/KerberosAuthenticator.java
* flume-ng-dist/src/main/assembly/src.xml
* flume-ng-auth/src/main/java/org/apache/flume/auth/SimpleAuthenticator.java
* flume-ng-auth/src/main/java/org/apache/flume/auth/PrivilegedExecutor.java
* flume-ng-sinks/flume-dataset-sink/pom.xml
*
flume-ng-sinks/flume-ng-hbase-sink/src/main/java/org/apache/flume/sink/hbase/HBaseSink.java
*
flume-ng-sinks/flume-dataset-sink/src/main/java/org/apache/flume/sink/kite/DatasetSink.java
* flume-ng-auth/src/main/java/org/apache/flume/api/SecureThriftRpcClient.java
* flume-ng-core/src/main/java/org/apache/flume/sink/ThriftSink.java
* flume-ng-auth/src/main/java/org/apache/flume/auth/SecurityException.java
> End to End authentication in Flume
> -----------------------------------
>
> Key: FLUME-2631
> URL: https://issues.apache.org/jira/browse/FLUME-2631
> Project: Flume
> Issue Type: New Feature
> Components: Sinks+Sources
> Reporter: Johny Rufus
> Assignee: Johny Rufus
> Fix For: v1.6.0
>
> Attachments: FLUME-2631-1.patch, FLUME-2631-2.patch,
> FLUME-2631-5.patch, FLUME-2631-7.patch, FLUME-2631.patch
>
>
> 1. The idea is to enable authentication primarily by using
> SASL/GSSAPI/Kerberos with Thrift RPC. [Thrift already has support for SASL
> api that supports kerberos, so implementing right now for Thrift. For Avro
> RPC kerberos support, Avro needs to support SASL first for its Netty Server,
> before we can use it in flume]
> 2. Authentication will happen hop to hop[Client to source, intermediate
> sources to sinks, final sink to destination].
> 3. As per the initial model, the user principals won’t be carried forward.
> The flume client[ThriftRpcClient] will authenticate itself to the KDC. All
> the intermediate agents [Thrift Sources/Sinks] will authenticate as principal
> ‘flume’ (typically, but this can be any valid principal that KDC can
> autenticate) to each other and the final agent will authenticate to the
> destination as the principal it wishes to identify to the destination
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
