hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devaraj Das <d...@hortonworks.com>
Subject Re: hbase multi-user security
Date Thu, 12 Jul 2012 21:05:24 GMT
Wouldn't this work:

User user = 
User.create(UserGroupInformation.createProxyUser(userToImpersonate, UserGroupInformation.getLoginUser()))

//Run the regionserver operation within a runAs (authentication will happen using the credentials
of the loginuser)
user.runAs(...)

At the RPC layer, the connections are keyed by an object that has User instance too and so
things should work.. The User class doesn't have a createProxyUser api - hence the call to
UserGroupInformation.createProxyUser.

On Jul 12, 2012, at 1:09 PM, Andrew Purtell wrote:

> On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean <Tony.Dean@sas.com> wrote:
> 
>> I'm wondering how that proxy user can be injected into the RPC connection when making
requests.
> 
> Right, hence the suggestion to be able to set User per thread, at
> least, via a thread local, so you can set at will and RPC will pick it
> up.
> 
> Best regards,
> 
>   - Andy
> 
> Problems worthy of attack prove their worth by hitting back. - Piet
> Hein (via Tom White)


Mime
View raw message