Security

waterguo edited this page Dec 5, 2017 · 5 revisions

AntsDB can work with three different security mechanisms.

  • Unsecured: user can login with any user name and password. The unsecured mode is suitable for development environment where simplicity overweights security. It is the default mode.
  • Native security: user name and password are managed by AntsDB. Only authenticated user can log into the database. This security mode is identical to MySQL Native Authentication. Password is hashed using SHA-1 algorithm.
  • Kerberos: user name and password are managed by an external Kerberos authentication server under this mode.

Native Security

To enable native security in AntsDB, follow the steps below

  • run set permanent global antsdb_auth_plugin = 'mysql_native_password' to enable native authentication
  • run create user '<username>' identified by '<password>' to add user to the system
  • run drop user '<username>' to remove user from the system
  • run 'alter user '' identified by ''` to change password
  • run set permanent global antsdb_auth_plugin = '' to disable native authentication

Kerberos Authentication

AntsDB inherits the security model from Hadoop. It uses Kerberos protocol and the same Authentication Server as configured in the Hadoop cluster. To enable security, the following settings must be set in the configuration file

kerberos.enable: true

krb_realm: name of the Kerberos realm

krb_kdc: name of the Kerberos KDC

krb_jaas: location of the Java JAAS configuration file

SSL

AntsDB also supports encryption as part of the MySQL network protocol. The following settings must be set in order to enable SSL encryption

ssl.key_file: location of the SSL key file

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.