hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ngkmh <ng...@yahoo.com>
Subject Connecting to secured HBase using Java and hbase.regionserver.kerberos.principal
Date Wed, 15 Jun 2016 12:41:14 GMT
Hi,

I'm doing some prototyping with HBase and I currently have a *secured*
single node HBase installation.  

One of the things I need to work out is how we will connect from Java. 
After alot of trial and error (there does not seem to be much documentation
on this), I found that the minimum config settings were: 

        Configuration conf = new Configuration();

        conf.set("hbase.zookeeper.quorum", "zookeeperServer");
        conf.set("hbase.zookeeper.property.clientPort", "2181");  
        conf.set("hbase.security.authentication", "kerberos");         
        conf.set("hbase.rpc.protection", "privacy");
        conf.set("hbase.regionserver.kerberos.principal",
"hbase/regionserver1");  
        
        Connection connection = null;

        try {
             
SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
              UserGroupInformation.setConfiguration(conf);
              UserGroupInformation ugi =
UserGroupInformation.loginUserFromKeytabAndReturnUGI("user", "user.keytab");
              User user = User.create(ugi);
              connection = ConnectionFactory.createConnection(conf);
              connection = ConnectionFactory.createConnection(conf, user);


      ..........
      ..........

Now thats OK with a single server.  

However, what if you have multiple region servers located on different
machines.  The Region Server Kerberos principal is supposed to be 
hbase/FQDN@REALM.

What Kerberos principal am I supposed to use, when there are potentially
many?

Does this mean that I should use the same principal for all region servers
and break the standard for principal names?

And finally, does anyone know why does the java client need this setting?

Thanks

Kevin



--
View this message in context: http://apache-hbase.679495.n3.nabble.com/Connecting-to-secured-HBase-using-Java-and-hbase-regionserver-kerberos-principal-tp4080631.html
Sent from the HBase Developer mailing list archive at Nabble.com.

Mime
View raw message