phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Dimiduk <ndimi...@gmail.com>
Subject Re: Phoenix query server user authentication?
Date Fri, 04 Sep 2015 05:35:56 GMT
Hi Steve,

Security is a consideration of Query Server development. I have a TODO item
in this area, but haven't fleshed it out too much yet. My thinking is that
we'll follow the model example provided by HBase's own REST gateway. HTTPS
between client and server; grabbing kerbros credentials from the
environment; server acting on authenticated user's behalf while interacting
with the cluster. I don't know where LDAP might fit into this, but I'm
happy to take some direction. If you're interested in contributing, this
would be a great area as we can always use more help on security.

-n

On Thu, Sep 3, 2015 at 3:44 AM, Steve Howard <stevedhoward@gmail.com> wrote:

> We are interested in using HBase as a backend solution for an SSO stack
> that supports persistent backend stores with a JDBC interface.  We would
> like to authenticate between the SSO server and the HBase store by using
> the phoenix query server.
>
> Goal:
> ---------
>
> client --> SSO --> phoenix query server (https) --> LDAP --> If successful
>
>                     |
>
>                     |
>
>                     |
>
>                     v
>
>                     phoenix query server (https) --> HBase (normal phoenix
> connection to HBase)
>
> The docs state it supports only an http transport between the client (SSO,
> in this case) and the phoenix query server.  We are curious about two
> things:
>
> * Has any consideration been given to supporting https?
> * Has any consideration been given to authenticating a user in the phoenix
> query server, similar to what hive uses when it can be configured to
> authenticate with LDAP?  This is outside of kerberos, this is just phoenix
> reaching out to check a username/password combination
>
> If we can't do this, I don't think it will pass governance testing.
>
>

Mime
View raw message