From: Andrew Purtell
Subject: Re: HBase 0.94 security configurations
Date: Thu, 31 May 2012 20:56:34 +0200
To: "user@hbase.apache.org"

Security is optional.

If you don't set any SASL protected ACLs on znodes, then the client doesn't need to authenticate, you should not add any security options to the site file like you currently are, and the message on startup about the state of JAAS configuration is informative only and is not relevant to you.

If you don't run with a server that supports security (like 3.3) then again the message on startup is only informative.

- Andy

On May 31, 2012, at 7:35 PM, Amit Sela wrote:

> I still don't understand if it is optional to use the security or not?
>
> if I'll set the following in hbase-site.xml:
>
>
> hbase.zookeeper.property.requireClientAuthScheme
>
> Property from ZooKeeper's config zoo.cfg.
> Authentication scheme.
>
>
>
> will it cancel the need of sasl-authentication?
>
> If I go back to ZooKeeper 3.3.2 (which doesn't support security) - will
> HBase 0.94 and Hadoop 1.0.3 work or must they run with a ZooKeeper that
> supports security?
>
>
> On Thu, May 31, 2012 at 7:01 PM, Andrew Purtell wrote:
>
>> See https://cwiki.apache.org/ZOOKEEPER/zookeeper-and-sasl.html
>>
>> For a fully baked (but simple) example configuration, have a look at
>> https://github.com/apurtell/tm-ec2-demo/ . Start with
>>
>> https://github.com/apurtell/tm-ec2-demo/blob/master/bin/image/tarball/setup-remote
>>
>> On Thu, May 31, 2012 at 8:55 AM, Amit Sela wrote:
>>> Hi all,
>>>
>>> I'm upgrading our cluster with the following versions:
>>> HBase 0.90.2 to 0.94.0
>>> Hadoop 0.20.3 to 1.0.3
>>> zookeeper 3.3.2 to 3.4.3
>>>
>>> As a first step, I'm trying to run some tests on my PC and I get a
>>> SecurityException from zookeeper:
>>> SecurityException: java.lang.SecurityException: Unable to locate a login
>>> configuration occurred when trying to find JAAS configuration.
>>>
>>> From what I understand, this means that I have to create a JAAS
>>> configuration file and place it in the conf under HBASE_HOME.
>>>
>>> First of all, Is there a way to disable the use of the new security feature
>>> - I'm working on a local test cluster for now and I don't really need it...
>>>
>>> If I must use a JAAS conf - could anyone elaborate on how to setup
>>> everything: Kerberos KDC, JAAS Configuration file, where to put everything
>>> and anything else I'm missing here.
>>>
>>> Thanks.
>>
>> --
>> Best regards,
>>
>> - Andy
>>
>> Problems worthy of attack prove their worth by hitting back. - Piet
>> Hein (via Tom White)
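
Added example, not part of the thread and not code from HBase or ZooKeeper: a way to check the condition the reply turns on, namely whether any znode carries a SASL-protected ACL and which permissions stay open to an unauthenticated client. It assumes the two-line-per-entry text that zkCli.sh prints for getAcl; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify zkCli.sh `getAcl` output. Each ACL entry is a line
#   'scheme,'id
# followed by a line
#   : perms        (letters from c d r w a)

# Print one "scheme id perms" line per ACL entry read from stdin.
# Lines that are not part of an entry (log output, watcher notices) are skipped.
acl_entries() {
  awk -v q="'" '
    $0 ~ ("^" q "[a-z0-9]+," q) {
      cut = index($0, "," q)
      scheme = substr($0, 2, cut - 2)
      id = substr($0, cut + 2)
      pending = 1
      next
    }
    pending && /^: / { print scheme, id, substr($0, 3); pending = 0 }
  '
}

# Summarise a listing: permissions an unauthenticated client holds versus
# permissions held only by SASL-authenticated identities.
summarise_acl() {
  acl_entries | awk '
    $1 == "world" && $2 == "anyone" { anon = anon $3 }
    $1 == "sasl"                    { auth = auth $3 }
    END {
      n = split("c d r w a", all, " ")
      for (i = 1; i <= n; i++) {
        if (index(anon, all[i]))      pub = pub all[i]
        else if (index(auth, all[i])) locked = locked all[i]
      }
      printf "anonymous=%s sasl_only=%s\n", (pub == "" ? "-" : pub), (locked == "" ? "-" : locked)
    }'
}

# Constructed sample listings (not captured from a real cluster).
OPEN_ACL="'world,'anyone
: cdrwa"
SASL_ACL="'world,'anyone
: r
'sasl,'hbase
: cdrwa"

printf 'open znode:    %s\n' "$(printf '%s\n' "$OPEN_ACL" | summarise_acl)"
printf 'secured znode: %s\n' "$(printf '%s\n' "$SASL_ACL" | summarise_acl)"
```

A listing that reports sasl_only=- has no SASL-protected permissions, which is the case where the client needs no JAAS login; pipe real getAcl output into summarise_acl to check a znode on your own ensemble.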