hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Antonov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9929) Trusted administration server
Date Sat, 09 Nov 2013 00:30:18 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817898#comment-13817898
] 

Mikhail Antonov commented on HBASE-9929:
----------------------------------------

Yes, I agree that's not really HBase feature, more like very custom requirement which has
to be implemented as a custom solution.

> Trusted administration server
> -----------------------------
>
>                 Key: HBASE-9929
>                 URL: https://issues.apache.org/jira/browse/HBASE-9929
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Andrew Purtell
>
> Some deployments would like to avoid needing kerberos principals for taking administrative
actions with the HBase shell, substituting their own authentication. The HBase shell is a
regular HBase client, which could run anywhere, and cannot be trusted with simple authentication
or impersonation of arbitrary users. 
> Other Hadoop ecosystem components have a service process registered in cluster configuration
afforded the elevated privilege of impersonation. For HBase, this could be a trusted administration
server that would reside at a fixed location, could be trusted to impersonate, with the shell
modified to optionally proxy administrative commands through it.
> Carried over from HBASE-2016 without comment.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message