You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2013/05/14 01:56:57 UTC
svn commit: r1482153 -
/accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
Author: vines
Date: Mon May 13 23:56:56 2013
New Revision: 1482153
URL: http://svn.apache.org/r1482153
Log:
ACCUMULO-992 - Forgot to save a file before committing
Modified:
accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
Modified: accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex?rev=1482153&r1=1482152&r2=1482153&view=diff
==============================================================================
--- accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex (original)
+++ accumulo/branches/1.5/docs/src/main/latex/accumulo_user_manual/chapters/security.tex Mon May 13 23:56:56 2013
@@ -139,12 +139,15 @@ deprecation cycle.
Authentication simply handles the ability for a user to verify their integrity. A combination of
principal and authentication token are used to verify a user is who they say they are. An
authentication token should be constructed, either directly through it's constructor, but it is
-advised to use the init(Property) method to populate an authentication token. Once a user is
-authenticated by the Authenticator, the user has access to the other actions within Accumulo. All
-actions in Accumulo are ACLed, and this ACL check is handled by the Permission Handler. This is what
-manages all of the permissions, which are divided in system and per table level. From there, if a
-user is doing an action which requires authorizations, the Authorizor is queried to determine what
-authorizations the user has.
+advised to use the init(Property) method to populate an authentication token. It is expected that a
+user knows what the appropriate token to use for their system is. The default token is
+PasswordToken.
+
+Once a user is authenticated by the Authenticator, the user has access to the other actions within
+Accumulo. All actions in Accumulo are ACLed, and this ACL check is handled by the Permission
+Handler. This is what manages all of the permissions, which are divided in system and per table
+level. From there, if a user is doing an action which requires authorizations, the Authorizor is
+queried to determine what authorizations the user has.
This setup allows a variety of different mechanisms to be used for handling different aspects of
Accumulo's security. A system like Kerberos can be used for authentication, then a system like LDAP