Azkaban security (username/password) for Prod env's ?

[sam k]

Hi all,

We are maintaining azkaban schedulers in dev, qa and prod
environments. But we are looking to have a username/password set up
for azkaban in production environments.

Please help me out with the procedure.

Thanks

[Wayne]

You might have to implement by yourself. Azkaban has no new release
for a long time.

[Richard Park]

Sorry guys for the lack of updates.

I've been working on other things until last week when I've been free to go back on Azkaban again.

I'll be merging most of Azkaban changes we've made, but essentially have to fork for hadoop 1.0 and 20.2 until I separate this dependency.

In terms of security, I'm currently working on a version of Azkaban right now that has login authentication and secure sessioning, but it may be more extensive that you guys need. We need to have it authenticated using an LDAP system and have secure sessioning.

If all you need is a quick and dirty authentication, you may want to look at 'war'-ing azkaban (there's an ant target for that), and then using Tomcat to authenticate. I've actually never tried this before.

Thanks,

-Richard

[Joe Crobak]

You can use the azkaban war in any servlet container (it uses jetty by default), and you should be able to configure authentication via that servlet container. Here are some instructions for jetty: http://stackoverflow.com/questions/5323855/jetty-webserver-security/5332049

Another solution is to use apache with mod_proxy to sit in front of azkaban and use an httpd module for authentication (e.g. basic auth using http passwd files or ldap).

You may want to investigate https if you're sending passwords using basic auth, as they're sent in cleartext over http.