[
https://issues.apache.org/jira/browse/HBASE-23347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16994150#comment-16994150
]
Reid Chan commented on HBASE-23347:
-----------------------------------
Left few comments in pr, but i haven't finished server-side impl yet. Will be
back!
> Pluggable RPC authentication
> ----------------------------
>
> Key: HBASE-23347
> URL: https://issues.apache.org/jira/browse/HBASE-23347
> Project: HBase
> Issue Type: Improvement
> Components: rpc, security
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Major
> Fix For: 3.0.0
>
>
> Today in HBase, we rely on SASL to implement Kerberos and delegation token
> authentication. The RPC client and server logic is very tightly coupled to
> our three authentication mechanism (the previously two mentioned plus simple
> auth'n) for no good reason (other than "that's how it was built", best as I
> can tell).
> SASL's function is to decouple the "application" from how a request is being
> authenticated, which means that, to support a variety of other authentication
> approaches, we just need to be a little more flexible in letting developers
> create their own authentication mechanism for HBase.
> This is less for the "average joe" user to write their own authentication
> plugin (eek), but more to allow us HBase developers to start iterating, see
> what is possible.
> I'll attach a full write-up on what I have today as to how I think we can add
> these abstractions, as well as an initial implementation of this idea, with a
> unit test that shows an end-to-end authentication solution against HBase.
> cc/ [~wchevreuil] as he's been working with me behind the scenes, giving lots
> of great feedback and support.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
