Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
HBase >> mail # user >> hbase multi-user security


+
Tony Dean 2012-07-11, 17:41
+
Ted Yu 2012-07-11, 17:49
+
Tony Dean 2012-07-11, 18:51
+
Andrew Purtell 2012-07-11, 19:11
+
Tony Dean 2012-07-12, 19:44
+
Andrew Purtell 2012-07-12, 20:09
+
Devaraj Das 2012-07-12, 21:05
+
Tony Dean 2012-07-12, 20:49
Copy link to this message
-
Re: hbase multi-user security
In the secure mode, the server will expect to see the [rpc-user == authenticating-user]. So (without code digging, IIRC) the idea of using a random rpc-user might not work.. The proxy user (my earlier mail) stuff attempts to address this problem. Please correct me if I am missing/overlooking something, Andrew.

On Jul 12, 2012, at 1:49 PM, Tony Dean wrote:

> gotcha.  why not create a UserContext thread-local class in which consumers can set a specific UGI that they create and thus the secure RPC client hbase code can use it if it's there; otherwise fallback to the static UGI loginUser?
>
> consumers can choose to take the thread-local hit or not.
>
> -Tony
>
> -----Original Message-----
> From: Andrew Purtell [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2012 4:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: hbase multi-user security
>
> On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean <[EMAIL PROTECTED]> wrote:
>
>> I'm wondering how that proxy user can be injected into the RPC connection when making requests.
>
> Right, hence the suggestion to be able to set User per thread, at least, via a thread local, so you can set at will and RPC will pick it up.
>
> Best regards,
>
>   - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
>
>
+
Devaraj Das 2012-07-12, 18:13
+
Tony Dean 2012-07-12, 20:06