hbase-dev mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HBASE-4475) When running an embedded ThriftServer, use User.runAs() to allow it to run as a separate principal from the embedding region server
Date Wed, 24 Dec 2014 19:52:13 GMT

     [ https://issues.apache.org/jira/browse/HBASE-4475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell resolved HBASE-4475.
-----------------------------------
    Resolution: Not a Problem

> When running an embedded ThriftServer, use User.runAs() to allow it to run as a separate principal from the embedding region server
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-4475
>                 URL: https://issues.apache.org/jira/browse/HBASE-4475
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, Thrift
>            Reporter: Gary Helmling
>
> As discussed over in HBASE-4460, the current approach to ThriftServer authentication (provided in HBASE-4099) will not work in an embedded context, since the region server will already do a login for the process.
> We could make the embedded thrift server still run as a separate user, though, by doing something like the following:
> * add a {{User.loginAndReturnUser()}} variant that delegates to {{UserGroupInformation.loginUserFromKeytabAndReturnUGI()}}, then returns a wrapping {{User}} instance
> * call this method on startup for the embedded thrift server to get the thrift user instance
> * use {{User.runAs()}} to execute the body of {{HRegionThriftServer.run()}} as the logged in thrift user



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
