Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
HBase, mail # user - hbase multi-user security


Copy link to this message
-
Re: hbase multi-user security
Devaraj Das 2012-07-12, 21:05
Wouldn't this work:

User user =
User.create(UserGroupInformation.createProxyUser(userToImpersonate, UserGroupInformation.getLoginUser()))

//Run the regionserver operation within a runAs (authentication will happen using the credentials of the loginuser)
user.runAs(...)

At the RPC layer, the connections are keyed by an object that has User instance too and so things should work.. The User class doesn't have a createProxyUser api - hence the call to UserGroupInformation.createProxyUser.

On Jul 12, 2012, at 1:09 PM, Andrew Purtell wrote:

> On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean <[EMAIL PROTECTED]> wrote:
>
>> I'm wondering how that proxy user can be injected into the RPC connection when making requests.
>
> Right, hence the suggestion to be able to set User per thread, at
> least, via a thread local, so you can set at will and RPC will pick it
> up.
>
> Best regards,
>
>   - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet
> Hein (via Tom White)