hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devaraj Das <d...@hortonworks.com>
Subject Re: hbase multi-user security
Date Thu, 12 Jul 2012 21:13:45 GMT
In the secure mode, the server will expect to see the [rpc-user == authenticating-user]. So
(without code digging, IIRC) the idea of using a random rpc-user might not work.. The proxy
user (my earlier mail) stuff attempts to address this problem. Please correct me if I am missing/overlooking
something, Andrew.

On Jul 12, 2012, at 1:49 PM, Tony Dean wrote:

> gotcha.  why not create a UserContext thread-local class in which consumers can set a
specific UGI that they create and thus the secure RPC client hbase code can use it if it's
there; otherwise fallback to the static UGI loginUser?
> 
> consumers can choose to take the thread-local hit or not.
> 
> -Tony
> 
> -----Original Message-----
> From: Andrew Purtell [mailto:apurtell@apache.org] 
> Sent: Thursday, July 12, 2012 4:09 PM
> To: user@hbase.apache.org
> Subject: Re: hbase multi-user security
> 
> On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean <Tony.Dean@sas.com> wrote:
> 
>> I'm wondering how that proxy user can be injected into the RPC connection when making
requests.
> 
> Right, hence the suggestion to be able to set User per thread, at least, via a thread
local, so you can set at will and RPC will pick it up.
> 
> Best regards,
> 
>   - Andy
> 
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
> 
> 


Mime
View raw message