On Thu, Jul 12, 2012 at 2:20 PM, Tony Dean <tony.d...@sas.com> wrote: > Hi, > > Once authentication has been accomplished the application data begins to flow > between client and server. How can one assure that the data is private? > > I see an hbase property to turn on privacy: hbase.rpc.protection=privacy.
This tells SASL on the server side to require successful 'auth-conf' negotiation instead of just 'auth'. The result is a connection wrapped by encryption with a shared key or no connection if the negotiation fails. SASL delegates keying set up to the security layer implementation. For Hadoop/HBase that would be Kerberos. Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)