Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
HBase >> mail # user >> hbase multi-user security


+
Tony Dean 2012-07-11, 17:41
+
Ted Yu 2012-07-11, 17:49
+
Tony Dean 2012-07-11, 18:51
+
Andrew Purtell 2012-07-11, 19:11
+
Tony Dean 2012-07-12, 19:44
+
Andrew Purtell 2012-07-12, 20:09
+
Devaraj Das 2012-07-12, 21:05
+
Tony Dean 2012-07-12, 20:49
Copy link to this message
-
Re: hbase multi-user security
In the secure mode, the server will expect to see the [rpc-user == authenticating-user]. So (without code digging, IIRC) the idea of using a random rpc-user might not work.. The proxy user (my earlier mail) stuff attempts to address this problem. Please correct me if I am missing/overlooking something, Andrew.

On Jul 12, 2012, at 1:49 PM, Tony Dean wrote:

> gotcha.  why not create a UserContext thread-local class in which consumers can set a specific UGI that they create and thus the secure RPC client hbase code can use it if it's there; otherwise fallback to the static UGI loginUser?
>
> consumers can choose to take the thread-local hit or not.
>
> -Tony
>
> -----Original Message-----
> From: Andrew Purtell [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2012 4:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: hbase multi-user security
>
> On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean <[EMAIL PROTECTED]> wrote:
>
>> I'm wondering how that proxy user can be injected into the RPC connection when making requests.
>
> Right, hence the suggestion to be able to set User per thread, at least, via a thread local, so you can set at will and RPC will pick it up.
>
> Best regards,
>
>   - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
>
>
+
Devaraj Das 2012-07-12, 18:13
+
Tony Dean 2012-07-12, 20:06
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB