[
https://issues.apache.org/jira/browse/HBASE-2418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153554#comment-13153554
]
stack commented on HBASE-2418:
------------------------------
Trunk is changing too fast on you Andrew!
{code}
patching file pom.xml
Hunk #1 FAILED at 276.
Hunk #2 succeeded at 861 (offset 41 lines).
Hunk #3 succeeded at 1404 with fuzz 2 (offset 3 lines).
1 out of 3 hunks FAILED -- saving rejects to file pom.xml.rej
patching file
src/main/java/org/apache/hadoop/hbase/zookeeper/MiniZooKeeperCluster.java
patching file src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
patching file
src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java
patching file src/test/java/org/apache/hadoop/hbase/HBaseTestingUtility.java
patching file
src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
PATCH APPLICATION FAILED
{code}
This is last 0.92 patch though.... Almost there.
> add support for ZooKeeper authentication
> ----------------------------------------
>
> Key: HBASE-2418
> URL: https://issues.apache.org/jira/browse/HBASE-2418
> Project: HBase
> Issue Type: Improvement
> Components: master, regionserver
> Reporter: Patrick Hunt
> Assignee: Eugene Koontz
> Priority: Critical
> Labels: security, zookeeper
> Fix For: 0.92.0
>
> Attachments: HBASE-2418-6.patch, HBASE-2418-6.patch
>
>
> Some users may run a ZooKeeper cluster in "multi tenant mode" meaning that
> more than one client service would
> like to share a single ZooKeeper service instance (cluster). In this case the
> client services typically want to protect
> their data (ZK znodes) from access by other services (tenants) on the
> cluster. Say you are running HBase and Solr
> and Neo4j, or multiple HBase instances, etc... having
> authentication/authorization on the znodes is important for both
> security and helping to ensure that services don't interact negatively (touch
> each other's data).
> Today HBase does not have support for authentication or authorization. This
> should be added to the HBase clients
> that are accessing the ZK cluster. In general it means calling addAuthInfo
> once after a session is established:
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooKeeper.html#addAuthInfo(java.lang.String,
> byte[])
> with a user specific credential, often times this is a shared secret or
> certificate. You may be able to statically configure this
> in some cases (config string or file to read from), however in my case in
> particular you may need to access it programmatically,
> which adds complexity as the end user may need to load code into HBase for
> accessing the credential.
> Secondly you need to specify a non "world" ACL when interacting with znodes
> (create primarily):
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/data/ACL.html
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooDefs.html
> Feel free to ping the ZooKeeper team if you have questions. It might also be
> good to discuss with some
> potential end users - in particular regarding how the end user can specify
> the credential.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
