[ https://issues.apache.org/jira/browse/HBASE-5050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13171086#comment-13171086 ]
Alejandro Abdelnur commented on HBASE-5050: ------------------------------------------- Hadoop 0.23 onwards has a hadoop-auth artifact that provides SPNEGO/Kerberos authentication for webapps via a filter. You should consider using it. You don't have to move Hbase to 0.23 for that, just consume the hadoop-auth artifact, which has no dependencies on the rest of Hadoop 0.23 artifacts. > [rest] SPNEGO-based authentication > ---------------------------------- > > Key: HBASE-5050 > URL: https://issues.apache.org/jira/browse/HBASE-5050 > Project: HBase > Issue Type: Improvement > Components: rest, security > Reporter: Andrew Purtell > > Currently the REST gateway can authenticate to a HBase cluster using a > preconfigured principal. This provides a limited form of secure operation > where one or more gateways can be deployed with distinct principals granting > appropriate levels of privilege, but the service ports must be protected > through network ACLs. This is at best a stopgap. > SPNEGO is the standard mechanism for Kerberos authentication over HTTP. > Enhance the REST gateway such that it provides this option, and issues > requests to the HBase cluster with the established context. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira