me.prettyprint.cassandra.connection.factory
Class HKerberosSecuredThriftClientFactoryImpl

java.lang.Object
  me.prettyprint.cassandra.connection.factory.HKerberosSecuredThriftClientFactoryImpl

All Implemented Interfaces:

HClientFactory

public class HKerberosSecuredThriftClientFactoryImpl
extends Object
implements HClientFactory

Client Factory that provides Secure sockets using Kerberos as authentication mechanism. It expects few system properties to be set up:

• java.security.auth.login.config: location of the "jaas.conf" file. Default is jaas.conf at the root of the classpath.
• java.security.krb5.conf: location of the "krb5.conf" file. Default is krb5.conf at the root of the classpath.
• sun.security.krb5.debug. Set to TRUE for debug. Default is FALSE.
• kerberos.client.reference.name Kerberos client reference name specified in jaas.conf. Default: "Client".
• kerberos.service.principal.name Kerberos Service principal name without the domain. Default: "cassandra".
• kerberos.client.principal.name Username for when .keytab file is not specified.
• kerberos.client.password Password for then .keytab file is not specified.
• ssl.truststore File path for trust store
• ssl.truststore.password Password for trust store
• ssl.protocol SSL protocol, default SSL
• ssl.store.type Store type, default JKS
• ssl.cipher.suites Cipher suites

If a .keytab is going to be used, please avoid setting kerberos.client.username and kerberos.client.password. HKerberosThriftClient completes the authentication that this factory started against Kerberos. Sample jaas.conf file:

 Client {
   com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
     keyTab="./hector-kerberos.keytab"
     useTicketCache=true
     renewTGT=true
     storeKey=true
     principal="@your_realm";
 };

 Server {
   com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=false
     storeKey=true
     useTicketCache=false
     principal="service_principal@your_realm";
 };
 

useKeyTab and keytab can be omitted if kerberos.client.principal.name and kerberos.client.password are specified.

Author:

patricioe (Patricio Echague - patricioe@gmail.com)

See Also:

HKerberosThriftClient

Field Summary

static String	JAAS_CONFIG
static String	KRB5_CONFIG

Constructor Summary

HKerberosSecuredThriftClientFactoryImpl()

Method Summary

HClient

createClient(CassandraHost ch) Creates a Hector Client against the host represented by ch

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

JAAS_CONFIG

public static final String JAAS_CONFIG

See Also:

Constant Field Values

KRB5_CONFIG

public static final String KRB5_CONFIG

See Also:

Constant Field Values

Constructor Detail

HKerberosSecuredThriftClientFactoryImpl

public HKerberosSecuredThriftClientFactoryImpl()

Method Detail

createClient

public HClient createClient(CassandraHost ch)

Creates a Hector Client against the host represented by ch

Specified by:

createClient in interface HClientFactory

Parameters:

ch - a CassandraHost

Returns:

a new HClient