Posted to commits@falcon.apache.org by ba...@apache.org on 2016/05/16 22:05:50 UTC

falcon git commit: FALCON-1957 Documentation on credential provider alias for passwords in startup properties

Repository: falcon
Updated Branches:
  refs/heads/master 2eac3ec07 -> a31fa545f


FALCON-1957 Documentation on credential provider alias for passwords in startup properties

Also restructured the overview of Falcon security features.

Author: yzheng-hortonworks <yz...@hortonworks.com>

Reviewers: "Venkat Ranganathan <ve...@hortonworks.com>, Balu Vellanki <ba...@apache.org>"

Closes #142 from yzheng-hortonworks/FALCON-1957


Project: http://git-wip-us.apache.org/repos/asf/falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/a31fa545
Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/a31fa545
Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/a31fa545

Branch: refs/heads/master
Commit: a31fa545f9bf9a9266de685da1d6047affeb366f
Parents: 2eac3ec
Author: yzheng-hortonworks <yz...@hortonworks.com>
Authored: Mon May 16 15:05:45 2016 -0700
Committer: bvellanki <bv...@hortonworks.com>
Committed: Mon May 16 15:05:45 2016 -0700

----------------------------------------------------------------------
 docs/src/site/twiki/Security.twiki | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/falcon/blob/a31fa545/docs/src/site/twiki/Security.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/Security.twiki b/docs/src/site/twiki/Security.twiki
index 8955bdc..b17650c 100644
--- a/docs/src/site/twiki/Security.twiki
+++ b/docs/src/site/twiki/Security.twiki
@@ -2,8 +2,30 @@
 
 ---++ Overview
 
-Apache Falcon enforces authentication and authorization which are detailed below. Falcon also
-provides transport level security ensuring data confidentiality and integrity.
+Apache Falcon provides the following security features:
+   * Support credential provider alias for passwords used in Falcon server.
+   * Support authentication to identify proper users.
+   * Support authorization to specify resource access permission for users or groups.
+   * Support SSL to provide transport level security for data confidentiality and integrity.
+
+
+---++ Credential Provider Alias for Passwords
+Server-side configuration properties (i.e. startup.properties) contain passwords and other sensitive information.
+In addition to specifying properties in plain text, we provide the user an option to use credential provider alias in the property file.
+
+Take SMTP password for example. The user can store the password in a
+[[http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CommandsManual.html#credential][Hadoop credential provider]]
+with the alias name _SMTPPasswordAlias_. In startup.properties where SMTP password is needed, the user can refer to its
+alias name _SMTPPasswordAlias_ instead of providing the real password.
+
+The alias property to be resolved through Hadoop credential provider should have the format:
+_credential.provider.alias.for.[property-key]_. For example,
+_credential.provider.alias.for.falcon.email.smtp.password=SMTPPasswordAlias_ for SMTP password.
+Falcon server, during the start, will automatically retrieve the real password provided the alias name.
+
+The user can specify the provider path with the property key _credential.provider.path_,
+e.g. _credential.provider.path=jceks://file/tmp/test.jceks_.
+If not specified, Falcon will use the default Hadoop credential provider path in core-site.xml.
 
 
 ---++ Authentication (User Identity)
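
Review bot: The provider path example in the last added paragraph, _credential.provider.path=jceks://file/tmp/test.jceks_, puts the keystore that holds the real passwords under /tmp, a shared temporary directory, and readers tend to copy documentation examples verbatim. Suggest an example path in a directory readable only by the Falcon service user, plus a sentence on the file permissions expected for the keystore. The new section also does not say which value takes effect when both the plain-text property and its _credential.provider.alias.for.[property-key]_ counterpart are present in startup.properties, or how the server behaves at startup when the alias cannot be resolved; both are worth documenting here. Minor wording: "will automatically retrieve the real password provided the alias name" reads better as "given the alias name".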