hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Dean <Tony.D...@sas.com>
Subject hbase multi-user security
Date Wed, 11 Jul 2012 17:41:20 GMT

Looking into hbase security, it appears that when HBaseRPC is creating a proxy (e.g., SecureRpcEngine),
it injects the current user:
User.getCurrent() which by default is the cached Kerberos TGT (kinit'ed user - using the "hadoop-user-kerberos"
JAAS context).

Since the server proxy always uses User.getCurrent(), how can an application inject the user
it wants to use for authorization checks on the peer (region server)?

And since SecureHadoopUser is a static class, how can you have more than 1 active user in
the same application?

What you have works for a single user application like the hbase shell, but what about a multi-user

Am I missing something?

Tony Dean
SAS Institute Inc.
Senior Software Developer

View raw message