hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ngkmh <ng...@yahoo.com>
Subject Connecting to secured HBase using Java and hbase.regionserver.kerberos.principal
Date Wed, 15 Jun 2016 12:41:14 GMT

I'm doing some prototyping with HBase and I currently have a *secured*
single node HBase installation.  

One of the things I need to work out is how we will connect from Java. 
After alot of trial and error (there does not seem to be much documentation
on this), I found that the minimum config settings were: 

        Configuration conf = new Configuration();

        conf.set("hbase.zookeeper.quorum", "zookeeperServer");
        conf.set("hbase.zookeeper.property.clientPort", "2181");  
        conf.set("hbase.security.authentication", "kerberos");         
        conf.set("hbase.rpc.protection", "privacy");
        Connection connection = null;

        try {
SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
              UserGroupInformation ugi =
UserGroupInformation.loginUserFromKeytabAndReturnUGI("user", "user.keytab");
              User user = User.create(ugi);
              connection = ConnectionFactory.createConnection(conf);
              connection = ConnectionFactory.createConnection(conf, user);


Now thats OK with a single server.  

However, what if you have multiple region servers located on different
machines.  The Region Server Kerberos principal is supposed to be 

What Kerberos principal am I supposed to use, when there are potentially

Does this mean that I should use the same principal for all region servers
and break the standard for principal names?

And finally, does anyone know why does the java client need this setting?



View this message in context: http://apache-hbase.679495.n3.nabble.com/Connecting-to-secured-HBase-using-Java-and-hbase-regionserver-kerberos-principal-tp4080631.html
Sent from the HBase Developer mailing list archive at Nabble.com.

View raw message