hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-7357) HBaseClient and HBaseServer should use hbase.security.authentication when negotiating authentication
Date Fri, 14 Dec 2012 21:56:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-7357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13532704#comment-13532704
] 

Gary Helmling commented on HBASE-7357:
--------------------------------------

[~yuzhihong@gmail.com] That could be reasonable to do.  While it's technically possible to
run HBase RPC with strong authentication without using strong auth for HDFS, you're voiding
most security guarantees by doing so.
                
> HBaseClient and HBaseServer should use hbase.security.authentication when negotiating
authentication
> ----------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-7357
>                 URL: https://issues.apache.org/jira/browse/HBASE-7357
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>
> This came up in the context of testing HBASE-6788.  Currently HBaseClient and HBaseServer
call UserGroupInformation.isSecurityEnabled() when determining whether or not to use SASL
to negotiate connections.  This means they are using the hadoop.security.authentication configuration
value.  Since this is in the context of HBase RPC connections, it seems more correct to use
the hbase.security.authentication configuration value by calling User.isHBaseSecurityEnabled().

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message