hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Srungarapu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12640) Add doAs support for Thrift Server
Date Mon, 08 Dec 2014 19:59:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14238383#comment-14238383
] 

Srikanth Srungarapu commented on HBASE-12640:
---------------------------------------------

bq. Why Thrift over HTTP with SSL authentication? Doesn't Thrift support SASL? (I think it
does.) Does that make more sense?
Yeah, Thrift does support SASL. But the problem with this apart from validating client to
Thrift, there is no way(at least I couldn't find any)  to specify "doAs" for each request
made through the client.
bq. All of our client access methods use Kerberos authentication except for hbase-rest, which
already provides support for data access over HTTP/HTTPS. 
This feature is a customer ask and they seem to be contended with using Thrift interface and
not interested in migrating to REST interface. They just requested us to add provision for
"doAs" support.
bq. We need a HBase access via HTTP option in Thrift too?
I did have an offline chat with [~jxiang] about how to go about solving this problem. He suggested
me to adapt the existing hive mechanism (HIVE-6738). But, if you think there is a better way,
please do suggest...



> Add doAs support for Thrift Server
> ----------------------------------
>
>                 Key: HBASE-12640
>                 URL: https://issues.apache.org/jira/browse/HBASE-12640
>             Project: HBase
>          Issue Type: Improvement
>          Components: Thrift
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>         Attachments: HBASE-12640_v1.patch
>
>
> In HBASE-11349, impersonation support has been added to Thrift Server. But the limitation
is thrift client must use same set of credentials throughout the session. These changes will
help us in circumventing this problem, by allowing user to populate doAs parameter as per
his needs. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message