hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aditya Kishore (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12230) User impersonation does not work in 'simple' mode.
Date Fri, 10 Oct 2014 23:21:34 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167764#comment-14167764
] 

Aditya Kishore commented on HBASE-12230:
----------------------------------------

Let's assume that an organization has set up authentication at the REST gateway which is the
only entry point into the Hadoop/HBase cluster and hence would like to not enable security
inside the cluster. They also want to carry the identity of the user that they verified at
the REST gateway to the HBase service for audit purpose.

Even HBase RPC advertises [this|https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java#L1769]
but fails since the proxy group configuration was not loaded at the time of initialization.

> User impersonation does not work in 'simple' mode.
> --------------------------------------------------
>
>                 Key: HBASE-12230
>                 URL: https://issues.apache.org/jira/browse/HBASE-12230
>             Project: HBase
>          Issue Type: Bug
>          Components: REST, security
>    Affects Versions: 0.98.6.1
>            Reporter: Aditya Kishore
>            Assignee: Aditya Kishore
>         Attachments: HBASE-12230-User-impersonation-does-not-work-in-simp.patch
>
>
> The [code responsible for initializing proxy configuration|https://github.com/apache/hbase/blob/7cfdb38c9274e306ac37374c147a978c2cef31d6/hbase-server/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java#L54]
does not execute unless {{"hadoop.security.authorization"}} is set to true. This is departure
from other Hadoop components. Impersonation should not be tied to authorization.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message