[
https://issues.apache.org/jira/browse/HBASE-23347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16990174#comment-16990174
]
Josh Elser commented on HBASE-23347:
------------------------------------
Sorry 'bout that, Reid!
See
[https://github.com/joshelser/hbase/blob/23347-pluggable-authentication/dev-support/design-docs/HBASE-23347-pluggable-authentication.md].
I moved it in with the other design docs after Busbey mentioned they were
there :)
Happy to get your feedback if you have the cycles.
> Pluggable RPC authentication
> ----------------------------
>
> Key: HBASE-23347
> URL: https://issues.apache.org/jira/browse/HBASE-23347
> Project: HBase
> Issue Type: Improvement
> Components: rpc, security
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Major
> Fix For: 3.0.0
>
>
> Today in HBase, we rely on SASL to implement Kerberos and delegation token
> authentication. The RPC client and server logic is very tightly coupled to
> our three authentication mechanism (the previously two mentioned plus simple
> auth'n) for no good reason (other than "that's how it was built", best as I
> can tell).
> SASL's function is to decouple the "application" from how a request is being
> authenticated, which means that, to support a variety of other authentication
> approaches, we just need to be a little more flexible in letting developers
> create their own authentication mechanism for HBase.
> This is less for the "average joe" user to write their own authentication
> plugin (eek), but more to allow us HBase developers to start iterating, see
> what is possible.
> I'll attach a full write-up on what I have today as to how I think we can add
> these abstractions, as well as an initial implementation of this idea, with a
> unit test that shows an end-to-end authentication solution against HBase.
> cc/ [~wchevreuil] as he's been working with me behind the scenes, giving lots
> of great feedback and support.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
