hbase-issues mailing list archives

From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9929) Trusted administration server
Date Fri, 08 Nov 2013 22:38:18 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817776#comment-13817776 ]

Gary Helmling commented on HBASE-9929:
--------------------------------------

Rewording my comment from HBASE-2016 in order to capture it here as well:

I don't really see a proxy for HBase shell, which would need its own kerberos credentials
and would have to perform its own authentication of clients, as core HBase functionality.
Instead it's like putting a proxy in place in order to circumvent security.  Instead, I think
the best direction for HBase would be to invest effort to support pluggable authentication
of clients at the RPC layer, using the same mechanisms under development for Hadoop.

However, if someone does want to invest the effort to support an impersonating proxy for shell
commands as an optional service, that is completely up to them, as long as it does not undermine
core security.

> Trusted administration server
> -----------------------------
>
>                 Key: HBASE-9929
>                 URL: https://issues.apache.org/jira/browse/HBASE-9929
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Andrew Purtell
>
> Some deployments would like to avoid needing kerberos principals for taking administrative
> actions with the HBase shell, substituting their own authentication. The HBase shell is a
> regular HBase client, which could run anywhere, and cannot be trusted with simple authentication
> or impersonation of arbitrary users.
> Other Hadoop ecosystem components have a service process registered in cluster configuration
> afforded the elevated privilege of impersonation. For HBase, this could be a trusted administration
> server that would reside at a fixed location, could be trusted to impersonate, with the shell
> modified to optionally proxy administrative commands through it.
> Carried over from HBASE-2016 without comment.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
