Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
HBase >> mail # dev >> Secure Hadoop and non-secure HBase


Copy link to this message
-
Re: Secure Hadoop and non-secure HBase
Hi Eric,

If you configure

hbase.master.keytab.file
hbase.master.kerberos.principal
hbase.regionserver.keytab.file
hbase.regionserver.kerberos.principal

in your hbase-site.xml, then the master and region server processes should
login from the keytab files on startup, as Todd mentions.  It's also my
understanding that they don't need a renewal thread in that case.  The RPC
client just tries a relogin from the keytab in the case of a connection
error.

Can you describe a bit more what you're seeing so that we can understand the
context?

Gary
On Sun, Sep 11, 2011 at 3:13 PM, Todd Lipcon <[EMAIL PROTECTED]> wrote:

> Hi Eric,
>
> Could you please explain more fully what you mean by this? The daemons
> generally run using keytabs, not user credentials, and thus shouldn't
> need the explicit TGT Renewer, right?
>
> -Todd
>
> On Sun, Sep 11, 2011 at 11:04 AM, Eric Yang <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > Hortonworks has a patch for secure append for Apache Hadoop 0.20.205 to
> work with HBase 0.90.x.  However, secure Hadoop and HBase would work until
> kerberos token expires.  There is currently no code that renews kerberos
> token in HBase.  Hence, it is possible to add a cron job to periodically
> renew the HBase user token to keep the system running.  What does the
> community think about having a setup script for cron job as part of HBase
> upcoming minor release, and fix the token renewal in HBase code for the next
> major version.  On the other hand, would the community accept the token
> renewal code in HBase as part of the upcoming 0.90.5 release?  If yes, what
> is the time line for 0.90.5?
> >
> > regards,
> > Eric
>
>
>
> --
> Todd Lipcon
> Software Engineer, Cloudera
>
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB