You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hbase.apache.org by Tony Dean <To...@sas.com> on 2012/07/12 23:20:26 UTC
hbase secure channel
Hi,
Once authentication has been accomplished the application data begins to flow between client and server. How can one assure that the data is private?
I see an hbase property to turn on privacy: hbase.rpc.protection=privacy. Is this basically SSL, but instead of using certificates, it's using the Kerberos shared key that was deposited at the service when the client sends service ticket?
Thanks.
-Tony
Re: hbase secure channel
Posted by Andrew Purtell <ap...@apache.org>.
On Thu, Jul 12, 2012 at 2:20 PM, Tony Dean <To...@sas.com> wrote:
> Hi,
>
> Once authentication has been accomplished the application data begins to flow between client and server. How can one assure that the data is private?
>
> I see an hbase property to turn on privacy: hbase.rpc.protection=privacy.
This tells SASL on the server side to require successful 'auth-conf'
negotiation instead of just 'auth'. The result is a connection wrapped
by encryption with a shared key or no connection if the negotiation
fails. SASL delegates keying set up to the security layer
implementation. For Hadoop/HBase that would be Kerberos.
Best regards,
- Andy
Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)