hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17439) Make authentication Token retrieval amenable to coprocessor
Date Tue, 10 Jan 2017 19:03:58 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815871#comment-15815871

Gary Helmling commented on HBASE-17439:

Can you explain a bit the use-case around why the coprocesor needs an authentication token?
 The coprocessor is already running in process with the regionserver, meaning it has the regionservers
krb credentials.  What is the authentication token used for?

> Make authentication Token retrieval amenable to coprocessor
> -----------------------------------------------------------
>                 Key: HBASE-17439
>                 URL: https://issues.apache.org/jira/browse/HBASE-17439
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors, security
>            Reporter: Ted Yu
> In the course of solving HBASE-17435, [~jerryhe] and I noticed that it is cumbersome
for other coprocessor (such as SecureBulkLoadEndpoint) to retrieve authentication Token from
region server.
> Currently a Connection is needed to communicate with TokenProvider. Care is needed not
to introduce dead lock on the server side.
> This JIRA is to investigate feasibility of bypassing Connection / TokenProvider in the
retrieval of authentication Token for custom coprocessor. This involves some refactoring around

This message was sent by Atlassian JIRA

View raw message