[
https://issues.apache.org/jira/browse/HBASE-3615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006589#comment-13006589
]
Gary Helmling commented on HBASE-3615:
--------------------------------------
Thinking through the TokenInfo annotation issue a bit more, we could copy over
the TokenInfo annotation and modify it to reference the Token "kind" from the
token identifier for matching, then register the TokenSelector using the kind.
I'm wondering if we even need to go to this trouble -- we could have the
implementation just register the selector class for each protocol class it
handles. But I suppose it's nice to have the protocols be a bit
self-documenting.
> Implement token based DIGEST-MD5 authentication for MapReduce tasks
> -------------------------------------------------------------------
>
> Key: HBASE-3615
> URL: https://issues.apache.org/jira/browse/HBASE-3615
> Project: HBase
> Issue Type: New Feature
> Components: ipc, security
> Reporter: Gary Helmling
> Assignee: Gary Helmling
> Fix For: 0.92.0
>
>
> HBase security currently supports Kerberos authentication for clients, but
> this isn't sufficient for map-reduce interoperability, where tasks execute
> without Kerberos credentials. In order to fully interoperate with map-reduce
> clients, we will need to provide our own token authentication mechanism,
> mirroring the Hadoop token authentication mechanisms. This will require
> obtaining an HBase authentication token for the user when the job is
> submitted, serializing it to a secure location, and then, at task execution,
> having the client or task code de-serialize the stored authentication token
> and use that in the HBase client authentication process.
> A detailed implementation proposal is sketched out on the wiki:
> http://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
