[
https://issues.apache.org/jira/browse/HBASE-9866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810773#comment-13810773
]
Dilli Arumugam commented on HBASE-9866:
---------------------------------------
In response to Question from Jimmy
Why do we need this? REST server does support proxy users. You should use -u to
specify the user, right?
curl -i --negotiate -u <USER>/DOMAIN http://<HOST>:<PORT>/version/cluster
We need this for Apache Knox.
Apache Knox provides perimeter security.
The flow would be
Rest Client -> Knox -> HBase Rest Gateway
Knox authenticates its Rest client using Http Basic.
Knox itself authenticates to HBase Rest Gateway using SPNego.
Then, Knox proxies for the end user.
So, HBase Rest gateway should allow Knox to pass doAs parameter with the value
of end user identity.
> Support the mode where REST server authorizes proxy users
> ---------------------------------------------------------
>
> Key: HBASE-9866
> URL: https://issues.apache.org/jira/browse/HBASE-9866
> Project: HBase
> Issue Type: Improvement
> Reporter: Devaraj Das
> Assignee: Devaraj Das
> Fix For: 0.96.1
>
> Attachments: 9866-1.txt
>
>
> In one use case, someone was trying to authorize with the REST server as a
> proxy user. That mode is not supported today.
> The curl request would be something like (assuming SPNEGO auth) -
> {noformat}
> curl -i --negotiate -u : http://<HOST>:<PORT>/version/cluster?doas=<USER>
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
