hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
Date Mon, 18 Jun 2012 13:50:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13395890#comment-13395890
] 

Matteo Bertozzi commented on HBASE-4791:
----------------------------------------

{quote}Configuration.setConfiguration overwrites the default configuration. May cause problems,
if client application also expects this way.{quote}
If your configuration keeps the previous one and returns the previous one when someone request
data not handled by this custom configuration, I don't see where is the problem. Is just adding
a new property to the conf. Maybe there's a better way then override login.Configuration

{quote}For every ZooKeeper client connection we need to do this Configuration.setConfiguration.{quote}
Is not per connection but per process, this means Region Servers and Master. In the draft
patch attached at startup RS and Master calls ZKUtil.Login to setup the LoginContext the same
thing as UserLogin does now. 
                
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only
by reading JAAS configuration file)
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-4791
>                 URL: https://issues.apache.org/jira/browse/HBASE-4791
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, zookeeper
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>              Labels: security, zookeeper
>         Attachments: DemoConfig.java, HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file specified in
    System.setProperty("java.security.auth.login.config"). 
> However, it might be preferable to construct a JAAS configuration programmatically, as
is done with secure Hadoop (see https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting, and allow
instead an HBase-local configuration setting.	

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message