Date: Tue, 10 Jan 2017 19:03:58 +0000 (UTC)
From: "Gary Helmling (JIRA)"
To: issues@hbase.apache.org
Subject: [jira] [Commented] (HBASE-17439) Make authentication Token retrieval amenable to coprocessor

    [ https://issues.apache.org/jira/browse/HBASE-17439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815871#comment-15815871 ]

Gary Helmling commented on HBASE-17439:
---------------------------------------

Can you explain a bit the use-case around why the coprocessor needs an authentication token?
The coprocessor is already running in process with the regionserver, meaning it has the regionserver's krb credentials. What is the authentication token used for?

> Make authentication Token retrieval amenable to coprocessor
> -----------------------------------------------------------
>
>                 Key: HBASE-17439
>                 URL: https://issues.apache.org/jira/browse/HBASE-17439
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors, security
>            Reporter: Ted Yu
>
> In the course of solving HBASE-17435, [~jerryhe] and I noticed that it is cumbersome for other coprocessors (such as SecureBulkLoadEndpoint) to retrieve authentication Token from region server.
> Currently a Connection is needed to communicate with TokenProvider. Care is needed not to introduce deadlock on the server side.
> This JIRA is to investigate feasibility of bypassing Connection / TokenProvider in the retrieval of authentication Token for custom coprocessor. This involves some refactoring around AuthenticationTokenSecretManager.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)