[ https://issues.apache.org/jira/browse/HBASE-9866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810773#comment-13810773 ]
Dilli Arumugam commented on HBASE-9866: --------------------------------------- In response to Question from Jimmy Why do we need this? REST server does support proxy users. You should use -u to specify the user, right? curl -i --negotiate -u <USER>/DOMAIN http://<HOST>:<PORT>/version/cluster We need this for Apache Knox. Apache Knox provides perimeter security. The flow would be Rest Client -> Knox -> HBase Rest Gateway Knox authenticates its Rest client using Http Basic. Knox itself authenticates to HBase Rest Gateway using SPNego. Then, Knox proxies for the end user. So, HBase Rest gateway should allow Knox to pass doAs parameter with the value of end user identity. > Support the mode where REST server authorizes proxy users > --------------------------------------------------------- > > Key: HBASE-9866 > URL: https://issues.apache.org/jira/browse/HBASE-9866 > Project: HBase > Issue Type: Improvement > Reporter: Devaraj Das > Assignee: Devaraj Das > Fix For: 0.96.1 > > Attachments: 9866-1.txt > > > In one use case, someone was trying to authorize with the REST server as a > proxy user. That mode is not supported today. > The curl request would be something like (assuming SPNEGO auth) - > {noformat} > curl -i --negotiate -u : http://<HOST>:<PORT>/version/cluster?doas=<USER> > {noformat} -- This message was sent by Atlassian JIRA (v6.1#6144)