hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-2016) [DAC] Authentication
Date Fri, 08 Nov 2013 22:01:18 GMT

    [ https://issues.apache.org/jira/browse/HBASE-2016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817740#comment-13817740

Andrew Purtell commented on HBASE-2016:

bq. Various ecosystem services like Hive or Oozie do support impersonation of end users, thus
bypassing that, and allow end users to be authenticated via pluggable authentication (which
may authenticate users against ldap, mysql database and such). But for HBase Shell there's
no impersonation possible as of now

Hive or Oozie impersonate by utilizing a service process registered with the NN in the NN
config to be afforded the elevated privilege of impersonation, and then they do their own
thing. The HBase shell is a regular HBase client wrapped with an HBase DSL within the JRuby
IRB, which could run anywhere, and cannot be trusted in that way. If I understand correctly,
what you could use is some kind of "administration server" which would reside at a fixed location
and could be trusted to impersonate, and then the shell could be modified to proxy administrative
commands through it. - Yes?

> [DAC] Authentication
> --------------------
>                 Key: HBASE-2016
>                 URL: https://issues.apache.org/jira/browse/HBASE-2016
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Gary Helmling
> Follow what Hadoop is doing. Authentication via JAAS: 
>     http://issues.apache.org/jira/browse/HADOOP-6299
>     http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html
> Should support Kerberos, Unix, and LDAP authentication options. 
> Integrate with authentication mechanisms for IPC and HDFS. 

This message was sent by Atlassian JIRA

View raw message