We’ve been working on a Druid implementation for a while now, but we’ve never really considered Authentication until now.
I’m looking for opinions whether people feel that using Basic Authentication as part of a defence in depth strategy, is adequate for securing the UI and API or whether we need to go the full SPNEGO Authentication with all of additional work that this would entail?
Any ideas greatly appreciated.
It is really depending on your cluster security needs. Basic security provides static user/password authentication (LDAP authen is on the way), and role based authorization. If you do not like static user/password model, you can join force Kerberos + basic security auth, to use Kerberos’s authentication, while using basic security’s role based authorization.
Hope this helps
The LDAP/AD user authentication/authorization feature in Druid will be available in 0.17.0 release. It’s developed and supported as part of the existing druid basic security extension that uses Druid metadata store to store, manage, authenticate, and authorize user credentials and roles. With ldap support you’ll now also be able to set/manage ldap groups to role mappings in Druid
Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please
notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and
external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence.
Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration
No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD