hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Purtell <andrew.purt...@gmail.com>
Subject Re: HBase 0.94 security configurations
Date Thu, 31 May 2012 18:56:34 GMT
Security is optional. 

If you don't set any SASL protected ACLs on znodes, then the client doesn't need to authenticate,
you should not add any security options to the site file like you currently are, and the message
on startup about the state of JAAS configuration is informative only and is not relevant to
you. 

If you don't run with a server that supports security (like 3.3) then again the message on
startup is only informative.

    - Andy

On May 31, 2012, at 7:35 PM, Amit Sela <amits@infolinks.com> wrote:

> I still don't understand if it is optional to use the security or not ?
> 
> if i'll set the following in hbase-site.xml:
> 
> <property>
>        <name>hbase.zookeeper.property.requireClientAuthScheme</name>
>        <value></value>
>        <description>Property from ZooKeeper's config zoo.cfg.
>            Authentication scheme.
>        </description>
> </property>
> 
> will it cancel the need of sasl-authentication ?
> 
> If I go back to ZooKeeper 3.3.2 (which doesn't support security) - will
> HBase 0.94 and Hadoop 1.0.3 work or must they run with a ZooKeeper that
> supports security ?
> 
> 
> On Thu, May 31, 2012 at 7:01 PM, Andrew Purtell <apurtell@apache.org> wrote:
> 
>> See https://cwiki.apache.org/ZOOKEEPER/zookeeper-and-sasl.html
>> 
>> For a fully baked (but simple) example configuration, have a look at
>> https://github.com/apurtell/tm-ec2-demo/ . Start with
>> 
>> https://github.com/apurtell/tm-ec2-demo/blob/master/bin/image/tarball/setup-remote
>> 
>> On Thu, May 31, 2012 at 8:55 AM, Amit Sela <amits@infolinks.com> wrote:
>>> Hi all,
>>> 
>>> I'm upgrading our cluster with the following versions:
>>> HBase 0.90.2 to 0.94.0
>>> Hadoop 0.20.3 to 1.0.3
>>> zookeeper 3.3.2 to 3.4.3
>>> 
>>> As a first step, I'm trying to run some tests on my PC and I get a
>>> SecurityException from zookeeper:
>>> SecurityException: java.lang.SecurityException: Unable to locate a login
>>> configuration occurred when trying to find JAAS configuration.
>>> 
>>> From what I understand, this means that I have to create a JAAS
>>> configuration file and place it in the conf under HBASE_HOME.
>>> 
>>> First of all, Is there a way to disable the use of the new security
>> feature
>>> - I'm working on a local test cluster for now and I don't really need
>> it...
>>> 
>>> If I must use a JAAS conf - could anyone elaborate on how to setup
>>> everything: Kerberos KDC, JAAS Configuration file, where to put
>> everything
>>> and anything else I'm missing here.
>>> 
>>> Thanks.
>> 
>> 
>> 
>> --
>> Best regards,
>> 
>>   - Andy
>> 
>> Problems worthy of attack prove their worth by hitting back. - Piet
>> Hein (via Tom White)
>> 

Mime
View raw message