Hi All, As per current implementation done for https://issues.apache.org/jira/i#browse/HBASE-11349 && https://issues.apache.org/jira/i#browse/HBASE-11474 ,
The authentication mechanism using Kerberos principal for Thrift server with HBase is perfectly fine. But for clients communicating to HBase via thrift server does not handle the security mechanism. Any unauthenticated client can access HBase via thrift server. The thrift sever can act as a backdoor entry for skipping the security & authentication. It will be better if thrift clients can also be authenticated through some mechanism like Kerberos or IP restriction,etc Let us discuss on mechanism for thrift client authentication that can be implemented. *************************************************************************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!