[
https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951593#comment-15951593
]
Ted Yu edited comment on HBASE-17860 at 3/31/17 10:09 PM:
----------------------------------------------------------
Here is brief procedure for testing:
* install cyrus-sasl-2.1.26 on docker vm and export CYRUS_SASL_PLUGINS_DIR
pointing to the directory where sasl library resides
* follow this link to install kerberos packages:
https://help.ubuntu.com/lts/serverguide/kerberos.html
* follow this link to configure KDC:
https://www.rootusers.com/how-to-configure-linux-to-authenticate-using-kerberos/
* generate hbase-host.keytab for server (and optionally hbase.keytab for user,
if you don't want to type password)
* run kinit with the keytab for user "hbase", or by providing password to kinit
* apply the patch which sets necessary config in conf/hbase-site.xml
* run bin/start-hbase.sh to start hbase server
* use hbase shell to create table (test would populate the table with:)
{code}
test1 column=d:1,
timestamp=1490984371943, value=value1
test1 column=d:extra,
timestamp=1490984371949, value=value for extra
test2 column=d:2,
timestamp=1490831145321, value=value2
test2 column=d:extra,
timestamp=1490831219721, value=value for extra
{code}
* run the following command and verify that ClientTest.PutGet passes:
buck test //core:client-test --no-results-cache
was (Author: yuzhih...@gmail.com):
Here is brief procedure for testing:
* install cyrus-sasl-2.1.26 on docker vm and export CYRUS_SASL_PLUGINS_DIR
pointing to the directory where sasl library resides
* follow this link to install kerberos packages:
https://help.ubuntu.com/lts/serverguide/kerberos.html
* follow this link to configure KDC:
https://www.rootusers.com/how-to-configure-linux-to-authenticate-using-kerberos/
* generate hbase-host.keytab for server (and optionally hbase.keytab for user)
* run kinit with the keytab
* apply the patch which sets necessary config in conf/hbase-site.xml
* run bin/start-hbase.sh to start hbase server
* use hbase shell to create table (test would populate the table with:)
{code}
test1 column=d:1,
timestamp=1490984371943, value=value1
test1 column=d:extra,
timestamp=1490984371949, value=value for extra
test2 column=d:2,
timestamp=1490831145321, value=value2
test2 column=d:extra,
timestamp=1490831219721, value=value for extra
{code}
* run the following command and verify that ClientTest.PutGet passes:
buck test //core:client-test --no-results-cache
> Implement secure native client connection
> -----------------------------------------
>
> Key: HBASE-17860
> URL: https://issues.apache.org/jira/browse/HBASE-17860
> Project: HBase
> Issue Type: Sub-task
> Reporter: Ted Yu
> Assignee: Ted Yu
> Priority: Critical
>
> So far, the native client communicates with insecure cluster.
> This JIRA is to add secure connection support for native client using Cyrus
> library.
> The work is based on earlier implementation and is redone via wangle and
> folly frameworks.
> Thanks to [~devaraj] who started the initiative.
> Here is high level description of the design:
> * SaslHandler is declared as:
> {code}
> class SaslHandler
> : public wangle::HandlerAdapter<folly::IOBufQueue&,
> std::unique_ptr<folly::IOBuf>>{
> {code}
> It would be inserted between EventBaseHandler and
> LengthFieldBasedFrameDecoder in the pipeline (via
> ConnectionFactory::Connect())
> * SaslHandler would intercept writes to server by buffering the IOBuf's and
> start the handshake process (via sasl_client_XX calls provided by Cyrus)
> * after handshake is complete, SaslHandler would send the buffered IOBuf's to
> server and act as pass-thru from then on
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
