[
https://issues.apache.org/jira/browse/ACCUMULO-4306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christopher Tubbs resolved ACCUMULO-4306.
-----------------------------------------
Resolution: Not A Problem
>From a secure deployment perspective, I think it wouldn't make sense to run
>HDFS in an insecure mode, and Accumulo with Kerberos. However, I think there's
>probably a lot of value in separating ourselves away from the Hadoop UGI
>interfaces, so we're not so tightly coupled to Hadoop libraries for
>authentication.
In any case, this ticket seems to have stalled 3 years ago, so I'm closing it.
Please create a new issue at https://github.com/apache/accumulo/issues if there
is still a need for work to be done here.
> Support Kerberos authentication terminating at Accumulo
> -------------------------------------------------------
>
> Key: ACCUMULO-4306
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4306
> Project: Accumulo
> Issue Type: Improvement
> Components: core, rpc
> Reporter: William Slacum
> Assignee: William Slacum
> Priority: Major
> Labels: authentication, kerberos
>
> We currently support Kerberos authentication via SASL+GSSAPI. Due to an
> implementation detail, turning it on requires also enabling Kerberos for HDFS.
> This ticket proposes changing the implementation to avoid needing to turn on
> Kerberos authentication for HDFS, but still (optionally) using it. Mostly, I
> think this boils down to replacing uses of {{UserGroupInformation}} with
> {{Subject}} references. There are couple places (specifically around creating
> delegation tokens for use with a Kerberos-enabled Hadoop cluster) where
> `UserGroupInformation` may need to stick around.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
