hbase-dev mailing list archives

From Gary Helmling <ghelml...@gmail.com>
Subject Re: Secure Hadoop and non-secure HBase
Date Sun, 11 Sep 2011 22:57:42 GMT
Hi Eric,

If you configure


in your hbase-site.xml, then the master and region server processes should
log in from the keytab files on startup, as Todd mentions.  It's also my
understanding that they don't need a renewal thread in that case.  The RPC
client just tries a relogin from the keytab in the case of a connection

Can you describe a bit more what you're seeing so that we can understand the


On Sun, Sep 11, 2011 at 3:13 PM, Todd Lipcon <todd@cloudera.com> wrote:

> Hi Eric,
> Could you please explain more fully what you mean by this? The daemons
> generally run using keytabs, not user credentials, and thus shouldn't
> need the explicit TGT Renewer, right?
> -Todd
> On Sun, Sep 11, 2011 at 11:04 AM, Eric Yang <eric818@gmail.com> wrote:
> > Hi all,
> >
> > Hortonworks has a patch for secure append for Apache Hadoop 0.20.205 to
> > work with HBase 0.90.x.  However, secure Hadoop and HBase would work until
> > the Kerberos token expires.  There is currently no code that renews the
> > Kerberos token in HBase.  Hence, it is possible to add a cron job to
> > periodically renew the HBase user token to keep the system running.  What
> > does the community think about having a setup script for a cron job as part
> > of the upcoming HBase minor release, and fixing the token renewal in HBase
> > code for the next major version?  On the other hand, would the community
> > accept the token renewal code in HBase as part of the upcoming 0.90.5
> > release?  If yes, what is the timeline for 0.90.5?
> >
> > regards,
> > Eric
> --
> Todd Lipcon
> Software Engineer, Cloudera
