Securing HBase
With the default configuration, HBase does not provide any kind of data security. Even with the firewalls in place, HBase is not able to differentiate between multiple users coming from the same client, and uniform data access is provided to all the users. From HBase Version 0.92 onwards, HBase provides optional support for both user authentication and authorization. For user authentication, it provides integration points with Kerberos and for authorization, it provides access an controller coprocessor.
Note
Kerberos is a networked authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos uses Kerberos Key Distribution Center (KDC) as the authentication server and access ticket granting server. The setup of KDC is not in the scope of this book.
The access controller coprocessor is only implemented at the RPC level, and it is based on the Simple Authentication and Security Layer (SASL); the SASL...