You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hbase.apache.org by Tony Dean <To...@sas.com> on 2012/07/12 23:20:26 UTC

hbase secure channel

Hi,

Once authentication has been accomplished the application data begins to flow between client and server.  How can one assure that the data is private?

I see an hbase property to turn on privacy: hbase.rpc.protection=privacy.  Is this basically SSL, but instead of using certificates, it's using the Kerberos shared key that was deposited at the service when the client sends service ticket?

Thanks.

-Tony

Re: hbase secure channel

Posted by Andrew Purtell <ap...@apache.org>.

On Thu, Jul 12, 2012 at 2:20 PM, Tony Dean <To...@sas.com> wrote:
> Hi,
>
> Once authentication has been accomplished the application data begins to flow between client and server.  How can one assure that the data is private?
>
> I see an hbase property to turn on privacy: hbase.rpc.protection=privacy.

This tells SASL on the server side to require successful 'auth-conf'
negotiation instead of just 'auth'. The result is a connection wrapped
by encryption with a shared key or no connection if the negotiation
fails. SASL delegates keying set up to the security layer
implementation. For Hadoop/HBase that would be Kerberos.

Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)