You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2015/05/18 06:18:57 UTC
svn commit: r1679930 -
/accumulo/site/trunk/content/release_notes/1.7.0.mdtext
Author: elserj
Date: Mon May 18 04:18:56 2015
New Revision: 1679930
URL: http://svn.apache.org/r1679930
Log:
ACCUMULO-3737 Docs for kerberos authentication
Modified:
accumulo/site/trunk/content/release_notes/1.7.0.mdtext
Modified: accumulo/site/trunk/content/release_notes/1.7.0.mdtext
URL: http://svn.apache.org/viewvc/accumulo/site/trunk/content/release_notes/1.7.0.mdtext?rev=1679930&r1=1679929&r2=1679930&view=diff
==============================================================================
--- accumulo/site/trunk/content/release_notes/1.7.0.mdtext (original)
+++ accumulo/site/trunk/content/release_notes/1.7.0.mdtext Mon May 18 04:18:56 2015
@@ -20,6 +20,33 @@ Apache Accumulo 1.7.0 is a release that
#DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
+### Client Authentication with Kerberos
+
+Kerberos is far and away the de-facto means provide strong authentication across Hadoop
+and other related components. Kerberos uses requires a centralized key distribution center
+to authentication users who have credentials provided by an administrator. When Hadoop is
+configured for use with Kerberos, all users must provide Kerberos credentials to interact
+with the filesystem, launch YARN jobs, or even view certain web pages.
+
+While Accumulo has long supported operation on Hadoop with Kerberos enabled, it required
+Accumulo users to still use password-based authentication. [ACCUMULO-2815][ACCUMULO-2815]
+added support to Accumulo to allow Accumulo clients to use a single set of Kerberos
+credentials to interact with Accumulo and all other Hadoop components.
+
+This authentication leverages the [Simple Authentication and Security Layer (SASL)][SASL]
+and [GSSAPI][GSSAPI] to support Kerberos authentication over the existing Thrift-base
+RPC infrastructure that Accumulo leverages.
+
+These additions represent a significant forward step for Accumulo, bringing it up to
+speed with the rest of the Hadoop components. This results in a much more cohesive
+security story for Accumulo that resonates with the battle-tested cell-level security
+and authorization module.
+
+
+### Data-Center Replication
+
+
+
### User Initiated Compaction Strategies
Per table compaction strategies were added in 1.6.0. In 1.7.0 the ability to
@@ -177,4 +204,7 @@ and, in HDFS High-Availability instances
[ACCUMULO-1798]: https://issues.apache.org/jira/browse/ACCUMULO-1798
[ACCUMULO-3134]: https://issues.apache.org/jira/browse/ACCUMULO-3134
[ACCUMULO-3439]: https://issues.apache.org/jira/browse/ACCUMULO-3439
-[group_balancer]: https://blogs.apache.org/accumulo/entry/balancing_groups_of_tablets
\ No newline at end of file
+[group_balancer]: https://blogs.apache.org/accumulo/entry/balancing_groups_of_tablets
+[ACCUMULO-2815]: https://issues.apache.org/jira/browse/ACCUMULO-2815
+[SASL]: http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
+[GSSAPI]: http://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface
\ No newline at end of file