[ https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951593#comment-15951593 ]
Ted Yu edited comment on HBASE-17860 at 3/31/17 10:09 PM:
----------------------------------------------------------

Here is a brief procedure for testing:

* install cyrus-sasl-2.1.26 on docker vm and export CYRUS_SASL_PLUGINS_DIR pointing to the directory where sasl library resides
* follow this link to install kerberos packages: https://help.ubuntu.com/lts/serverguide/kerberos.html
* follow this link to configure KDC: https://www.rootusers.com/how-to-configure-linux-to-authenticate-using-kerberos/
* generate hbase-host.keytab for server (and optionally hbase.keytab for user, if you don't want to type password)
* run kinit with the keytab for user "hbase", or by providing password to kinit
* apply the patch which sets necessary config in conf/hbase-site.xml
* run bin/start-hbase.sh to start hbase server
* use hbase shell to create table (test would populate the table with:)
{code}
 test1 column=d:1, timestamp=1490984371943, value=value1
 test1 column=d:extra, timestamp=1490984371949, value=value for extra
 test2 column=d:2, timestamp=1490831145321, value=value2
 test2 column=d:extra, timestamp=1490831219721, value=value for extra
{code}
* run the following command and verify that ClientTest.PutGet passes:
buck test //core:client-test --no-results-cache

was (Author: yuzhih...@gmail.com):
Here is a brief procedure for testing:

* install cyrus-sasl-2.1.26 on docker vm and export CYRUS_SASL_PLUGINS_DIR pointing to the directory where sasl library resides
* follow this link to install kerberos packages: https://help.ubuntu.com/lts/serverguide/kerberos.html
* follow this link to configure KDC: https://www.rootusers.com/how-to-configure-linux-to-authenticate-using-kerberos/
* generate hbase-host.keytab for server (and optionally hbase.keytab for user)
* run kinit with the keytab
* apply the patch which sets necessary config in conf/hbase-site.xml
* run bin/start-hbase.sh to start hbase server
* use hbase shell to create table (test would populate the table with:)
{code}
 test1 column=d:1, timestamp=1490984371943, value=value1
 test1 column=d:extra, timestamp=1490984371949, value=value for extra
 test2 column=d:2, timestamp=1490831145321, value=value2
 test2 column=d:extra, timestamp=1490831219721, value=value for extra
{code}
* run the following command and verify that ClientTest.PutGet passes:
buck test //core:client-test --no-results-cache

> Implement secure native client connection
> -----------------------------------------
>
> Key: HBASE-17860
> URL: https://issues.apache.org/jira/browse/HBASE-17860
> Project: HBase
> Issue Type: Sub-task
> Reporter: Ted Yu
> Assignee: Ted Yu
> Priority: Critical
>
> So far, the native client communicates with an insecure cluster.
> This JIRA is to add secure connection support for native client using Cyrus
> library.
> The work is based on earlier implementation and is redone via wangle and
> folly frameworks.
> Thanks to [~devaraj] who started the initiative.
> Here is a high-level description of the design:
> * SaslHandler is declared as:
> {code}
> class SaslHandler
>     : public wangle::HandlerAdapter<folly::IOBufQueue&,
>                                     std::unique_ptr<folly::IOBuf>>{
> {code}
> It would be inserted between EventBaseHandler and
> LengthFieldBasedFrameDecoder in the pipeline (via
> ConnectionFactory::Connect())
> * SaslHandler would intercept writes to server by buffering the IOBuf's and
> start the handshake process (via sasl_client_XX calls provided by Cyrus)
> * after handshake is complete, SaslHandler would send the buffered IOBuf's to
> server and act as pass-thru from then on

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
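
The buffering behaviour from the design description above, as an added C++ model that is not the HBase native client's code: writes are queued until the handshake completes, then flushed in order. BufferingSaslGate, Step, RunConstructedExchange, the "SASL:" prefix and the token strings are hypothetical, and dropping queued writes when the handshake fails is an assumption the description does not state.

```cpp
#include <functional>
#include <string>
#include <vector>

// Model of the buffering described for SaslHandler. All names are hypothetical;
// the real handler uses folly::IOBuf, wangle and Cyrus sasl_client_* calls.
class BufferingSaslGate {
 public:
  enum class State { kIdle, kNegotiating, kEstablished, kFailed };
  // Handshake step: returns 1 when complete, 0 to continue, -1 on failure.
  using Step = std::function<int(const std::string& in, std::string* out)>;
  explicit BufferingSaslGate(Step step) : step_(step) {}
  void Write(const std::string& payload) {  // application write
    if (state_ == State::kFailed) return;   // assumption: nothing leaves after failure
    if (state_ == State::kEstablished) { wire.push_back(payload); return; }
    pending_.push_back(payload);            // hold back until authenticated
    if (state_ == State::kIdle) { state_ = State::kNegotiating; Advance(""); }
  }
  void OnServerToken(const std::string& t) { if (state_ == State::kNegotiating) Advance(t); }
  State state() const { return state_; }
  std::vector<std::string> wire;  // what was handed to the socket, in order

 private:
  void Advance(const std::string& in) {
    std::string out;
    const int rc = step_(in, &out);
    if (rc < 0) { state_ = State::kFailed; pending_.clear(); return; }
    if (!out.empty()) wire.push_back("SASL:" + out);
    if (rc == 0) return;
    state_ = State::kEstablished;
    wire.insert(wire.end(), pending_.begin(), pending_.end());  // flush in order
    pending_.clear();
  }
  Step step_;
  State state_ = State::kIdle;
  std::vector<std::string> pending_;
};

// Constructed two-round exchange; the server's last token decides the outcome.
BufferingSaslGate RunConstructedExchange(const std::string& final_token) {
  BufferingSaslGate gate([](const std::string& in, std::string* out) {
    if (in.empty()) { *out = "client-first"; return 0; }
    if (in == "challenge") { *out = "client-final"; return 0; }
    return in == "ok" ? 1 : -1;
  });
  gate.Write("rpc-1"); gate.Write("rpc-2");  // queued; first write starts handshake
  gate.OnServerToken("challenge"); gate.OnServerToken(final_token);
  gate.Write("rpc-3");
  return gate;
}
```

With a final token of "ok" the wire holds the two handshake messages followed by rpc-1, rpc-2 and rpc-3; with any other final token only the handshake messages were ever sent.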