-
Notifications
You must be signed in to change notification settings - Fork 28
Security
waterguo edited this page Dec 5, 2017
·
5 revisions
AntsDB can work with three different security mechanisms.
- Unsecured: user can login with any user name and password. The unsecured mode is suitable for development environment where simplicity overweights security. It is the default mode.
- Native security: user name and password are managed by AntsDB. Only authenticated user can log into the database. This security mode is identical to MySQL Native Authentication. Password is hashed using SHA-1 algorithm.
- Kerberos: user name and password are managed by an external Kerberos authentication server under this mode.
To enable native security in AntsDB, follow the steps below
- run
set permanent global antsdb_auth_plugin = 'mysql_native_password'to enable native authentication - run
create user '<username>' identified by '<password>'to add user to the system - run
drop user '<username>'to remove user from the system - run 'alter user '' identified by ''` to change password
- run
set permanent global antsdb_auth_plugin = ''to disable native authentication
AntsDB inherits the security model from Hadoop. It uses Kerberos protocol and the same Authentication Server as configured in the Hadoop cluster. To enable security, the following settings must be set in the configuration file
kerberos.enable: true
krb_realm: name of the Kerberos realm
krb_kdc: name of the Kerberos KDC
krb_jaas: location of the Java JAAS configuration file
AntsDB also supports encryption as part of the MySQL network protocol. The following settings must be set in order to enable SSL encryption
ssl.key_file: location of the SSL key file