[ACCUMULO-4306] Support Kerberos authentication terminating at Accumulo - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: core, rpc
Labels:
- authentication
- kerberos

Description

We currently support Kerberos authentication via SASL+GSSAPI. Due to an implementation detail, turning it on requires also enabling Kerberos for HDFS.

This ticket proposes changing the implementation to avoid needing to turn on Kerberos authentication for HDFS, but still (optionally) using it. Mostly, I think this boils down to replacing uses of UserGroupInformation with Subject references. There are couple places (specifically around creating delegation tokens for use with a Kerberos-enabled Hadoop cluster) where `UserGroupInformation` may need to stick around.

Attachments

Activity

People

Assignee:: William Slacum

Reporter:: William Slacum

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 09/May/16 16:50

Updated:: 23/Apr/19 23:39

Resolved:: 23/Apr/19 23:39