[
https://issues.apache.org/jira/browse/HBASE-5050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13171086#comment-13171086
]
Alejandro Abdelnur commented on HBASE-5050:
-------------------------------------------
Hadoop 0.23 onwards has a hadoop-auth artifact that provides SPNEGO/Kerberos
authentication for webapps via a filter. You should consider using it. You
don't have to move Hbase to 0.23 for that, just consume the hadoop-auth
artifact, which has no dependencies on the rest of Hadoop 0.23 artifacts.
> [rest] SPNEGO-based authentication
> ----------------------------------
>
> Key: HBASE-5050
> URL: https://issues.apache.org/jira/browse/HBASE-5050
> Project: HBase
> Issue Type: Improvement
> Components: rest, security
> Reporter: Andrew Purtell
>
> Currently the REST gateway can authenticate to a HBase cluster using a
> preconfigured principal. This provides a limited form of secure operation
> where one or more gateways can be deployed with distinct principals granting
> appropriate levels of privilege, but the service ports must be protected
> through network ACLs. This is at best a stopgap.
> SPNEGO is the standard mechanism for Kerberos authentication over HTTP.
> Enhance the REST gateway such that it provides this option, and issues
> requests to the HBase cluster with the established context.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
