hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pan Yuxuan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17701) Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web ui
Date Wed, 01 Mar 2017 02:18:45 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15889348#comment-15889348
] 

Pan Yuxuan commented on HBASE-17701:
------------------------------------

[~elserj] [~jerryhe]
Thanks for your remind of the JIRA HBASE-5291.
But I don't think they are the same. HBASE-5291 only support kerberos authentication, but
in hadoop-auth, there are some other kinds of anthentication, such as token.
If HBase uses AuthenticationFilter, HBase will load the hadoop.http.authentication.* configurations
from core-site.xml, in that way, the HBase ui can be authenticated by the way hadoop does.


> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web
ui
> ----------------------------------------------------------------------------------------
>
>                 Key: HBASE-17701
>                 URL: https://issues.apache.org/jira/browse/HBASE-17701
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>    Affects Versions: 1.2.4
>            Reporter: Pan Yuxuan
>         Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one StaticUserWebFilter for
a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based on token
or kerberos. So I think hbase can reuse the hadoop-auth AuthenticationFilter by adding a HadoopAuthFilterInitializer.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message