Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Hadoop >> mail # user >> HBase client with security

Lanati, Matteo 2013-08-29, 08:33
Copy link to this message
RE: HBase client with security
Please ask this question in [EMAIL PROTECTED], you would get better response there.

Devaraj k
-----Original Message-----
From: Lanati, Matteo [mailto:[EMAIL PROTECTED]]
Sent: 29 August 2013 14:03
Subject: HBase client with security

Hi all,

I set up Hadoop (1.2.0), Zookeeper (3.4.5) and HBase (0.94.8-security) with security.
HBase works if I launch the shell from the node running the master, but I'd like to use it from an external machine.
I prepared one, copying the Hadoop and HBase installation folders and adapting the path (indeed I can use the same client to run MR jobs and interact with HDFS).
Regarding HBase client configuration:

- hbase-site.xml specifies


where the zookeeper hosts are reachable and can be solved via DNS. I had to specify them otherwise the shell complains about "org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss for /hbase/hbaseid"

- I have a keytab for the principal I want to use (<user running hbase/my client hostname@MYREALM>), correctly addressed by the file hbase/conf/zk-jaas.conf. In hbase-env.sh, the variable HBASE_OPTS points to zk-jaas.conf.

Nonetheless, when I issue a command from a HBase shell on the client machine, I got an error in the HBase master log

2013-08-29 10:11:30,890 WARN org.apache.hadoop.ipc.HBaseServer: IPC Server listener on 60000: readAndProcess threw exception org.apache.hadoop.security.AccessControlException: Authentication is required. Count of bytes read: 0
org.apache.hadoop.security.AccessControlException: Authentication is required
at org.apache.hadoop.hbase.ipc.SecureServer$SecureConnection.readAndProcess(SecureServer.java:435)
at org.apache.hadoop.hbase.ipc.HBaseServer$Listener.doRead(HBaseServer.java:748)
at org.apache.hadoop.hbase.ipc.HBaseServer$Listener$Reader.doRunLoop(HBaseServer.java:539)
at org.apache.hadoop.hbase.ipc.HBaseServer$Listener$Reader.run(HBaseServer.java:514)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

It looks like there's a mismatch between the client and the master regarding the authentication mechanism. Note that from the same client machine I can launch and use a Zookeeper shell.
What am I missing in the client configuration? Does /etc/krb5.conf play any role into this?

Matteo Lanati
Distributed Resources Group
Leibniz-Rechenzentrum (LRZ)
Boltzmannstrasse 1
85748 Garching b. München (Germany)
Phone: +49 89 35831 8724