[
https://issues.apache.org/jira/browse/HBASE-23347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17021059#comment-17021059
]
Hudson commented on HBASE-23347:
--------------------------------
Results for branch master
[build #1605 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/master/1605/]: (x)
*{color:red}-1 overall{color}*
----
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1605//General_Nightly_Build_Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1605//JDK8_Nightly_Build_Report_(Hadoop2)/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1605//JDK8_Nightly_Build_Report_(Hadoop3)/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Pluggable RPC authentication
> ----------------------------
>
> Key: HBASE-23347
> URL: https://issues.apache.org/jira/browse/HBASE-23347
> Project: HBase
> Issue Type: Improvement
> Components: rpc, security
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Today in HBase, we rely on SASL to implement Kerberos and delegation token
> authentication. The RPC client and server logic is very tightly coupled to
> our three authentication mechanism (the previously two mentioned plus simple
> auth'n) for no good reason (other than "that's how it was built", best as I
> can tell).
> SASL's function is to decouple the "application" from how a request is being
> authenticated, which means that, to support a variety of other authentication
> approaches, we just need to be a little more flexible in letting developers
> create their own authentication mechanism for HBase.
> This is less for the "average joe" user to write their own authentication
> plugin (eek), but more to allow us HBase developers to start iterating, see
> what is possible.
> I'll attach a full write-up on what I have today as to how I think we can add
> these abstractions, as well as an initial implementation of this idea, with a
> unit test that shows an end-to-end authentication solution against HBase.
> cc/ [~wchevreuil] as he's been working with me behind the scenes, giving lots
> of great feedback and support.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
