hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kumar r <kumarc...@gmail.com>
Subject Re: HBase thrift C# impersonation
Date Thu, 06 Oct 2016 06:18:58 GMT
Hi,

I have enabled doAs property as said in
http://hbase.apache.org/book.html#security.gateway.thrift.doas

  <property>
    <name>hbase.thrift.kerberos.principal</name>
    <value>principal</value>
  </property>
  <property>
    <name>hbase.thrift.keytab.file</name>
    <value>keytab</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.enabled</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.store</name>
    <value>keystorelocation</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.password</name>
    <value>keystorepassword</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.keypassword</name>
    <value>keypasspassword</value>
  </property>
  <property>
    <name>hbase.thrift.security.qop</name>
    <value>auth-conf</value>
  </property>
  <property>
    <name>hbase.regionserver.thrift.http</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.thrift.support.proxyuser</name>
    <value>true</value>
  </property>

But when i run the DemoClient, facing errors

*hbase org.apache.hadoop.hbase.thrift.HttpDoAsClient machine1.example.com
<http://machine1.example.com> 10003 Kumar true*

Error logs - http://pastebin.com/ULSBi3Ci

and getting below WARN messages in HBase thrift server logs

2016-10-06 11:33:39,540 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:33:50,791 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,266 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,272 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?

Did i missed anything?

Help me to resolve the errors.

Thanks.

On Wed, Oct 5, 2016 at 2:50 PM, kumar r <kumarccpp@gmail.com> wrote:

> Hi Dima,
>
> Thanks for the update. Let me check further.
>
> On Wed, Oct 5, 2016 at 2:28 AM, Dima Spivak <dimaspivak@apache.org> wrote:
>
>> Hey Kumar,
>>
>> The ref guide section on enabling security for the Thrift gateway [1] is a
>> good place to start. Have you gone through that?
>>
>> 1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
>>
>> -Dima
>>
>> On Tue, Oct 4, 2016 at 4:59 AM, kumar r <kumarccpp@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I need example for C# HBase thrift with doAs header.
>> >
>> > First of all, setting the below property isn't enough to enable
>> > authentication/impersonation?
>> >
>> >   <property>
>> >     <name>hbase.thrift.security.qop</name>
>> >     <value>auth-conf</value>
>> >   </property>
>> >
>> > After setting this property, i cannot access HBase via C# thrift. I need
>> > example to access HBase with doAs via C# thrift client.
>> >
>> > Help me to get it work.
>> >
>> > Thanks in advance,
>> > Kumar
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message