hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Dean <Tony.D...@sas.com>
Subject HBase Security API
Date Mon, 02 Jul 2012 00:29:45 GMT
Posting this again in plaintext to see if it registers successfully.

Hi,

It appears that the Kerberos authentication integration into HBase is via JAAS Krb5LoginModule.
 That is,
I can setup up the "Client" application context and configure where/how the client Kerberos
principle is
authenticated (TGT).  Correct?  If I have a multi-tenant application that performs scans/gets/puts
based
on different users, what is the appropriate way to specify the Kerberos principle to use on
each thread?
I was thinking that I could use a JAAS callbackHandler to specify the principle to use and
then configure
the login module to query a keytab for the principal's password key.  Or do I have to create
a Subject and
configure the login module to use the shared state?

What's an application's integration point into specifying what client Kerberos principal to
authenticate and use.


Thank you!


Tony Dean
SAS Institute Inc.
Senior Software Developer
919-531-6704





Mime
View raw message