| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
| <concept id="authentication"> |
| |
| <title>Impala Authentication</title> |
| <prolog> |
| <metadata> |
| <data name="Category" value="Security"/> |
| <data name="Category" value="Impala"/> |
| <data name="Category" value="Authentication"/> |
| <data name="Category" value="Administrators"/> |
| </metadata> |
| </prolog> |
| |
| <conbody> |
| |
| <p> |
| Authentication is the mechanism to ensure that only specified hosts and users can connect to Impala. It also |
| verifies that when clients connect to Impala, they are connected to a legitimate server. This feature |
| prevents spoofing such as <term>impersonation</term> (setting up a phony client system with the same account |
| and group names as a legitimate user) and <term>man-in-the-middle attacks</term> (intercepting application |
| requests before they reach Impala and eavesdropping on sensitive information in the requests or the results). |
| </p> |
| |
| <p> |
| Impala supports authentication using either Kerberos or LDAP. |
| </p> |
| <p> |
| You can also make proxy connections to Impala through Apache Knox. |
| </p> |
| |
| <note conref="../shared/impala_common.xml#common/authentication_vs_authorization"/> |
| |
| <p outputclass="toc"/> |
| |
| <p> |
| Once you are finished setting up authentication, move on to authorization, which involves specifying what |
| databases, tables, HDFS directories, and so on can be accessed by particular users when they connect through |
| Impala. See <xref href="impala_authorization.xml#authorization"/> for details. |
| </p> |
| </conbody> |
| </concept> |