[
https://issues.apache.org/jira/browse/HBASE-5050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jimmy Xiang updated HBASE-5050:
-------------------------------
Release Note: A new configuration "hbase.rest.authentication" is added to
enable authentication. Currently, only "kerberos" is supported. You also need
to specify the SPNEGO principal with configuration
"hbase.rest.kerberos.spnego.principal". The keytab configured with
"hbase.rest.keytab.file" should have a key for this SPNEGO principal besides
the REST server principal.
Status: Patch Available (was: Open)
This patch does authentication only. The authenticated user is NOT the user
used to make HBase requests. The pre-configured user is still used instead.
I tested it on my local box. If a user is not authenticated, s/he will get 401
error.
> [rest] SPNEGO-based authentication
> ----------------------------------
>
> Key: HBASE-5050
> URL: https://issues.apache.org/jira/browse/HBASE-5050
> Project: HBase
> Issue Type: Sub-task
> Components: REST, security
> Reporter: Andrew Purtell
> Assignee: Jimmy Xiang
> Attachments: trunk-5050.patch
>
>
> Currently the REST gateway can authenticate to a HBase cluster using a
> preconfigured principal. This provides a limited form of secure operation
> where one or more gateways can be deployed with distinct principals granting
> appropriate levels of privilege, but the service ports must be protected
> through network ACLs. This is at best a stopgap.
> SPNEGO is the standard mechanism for Kerberos authentication over HTTP.
> Enhance the REST gateway such that it provides this option, and issues
> requests to the HBase cluster with the established context.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
