[jira] [Commented] (HBASE-20886) [Auth] Support keytab login in hbase client

Mon, 23 Jul 2018 20:22:17 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-20886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16553746#comment-16553746
 ] 

Reid Chan commented on HBASE-20886:
-----------------------------------

The original thought of this issue comes from description.
{quote}
There're lots of questions about how to connect to kerberized hbase cluster 
through hbase client api from user-mail and slack channel.
{quote}

bq. where we smash some existing credentials in the JVM.
If client plans to login 2 identities in one application, no matter this client 
runs hbase or not, his JVM will have credentials issue.
As long as the same identity, from my knowledge, it is just a matter of expired 
time update, comparing to those long running job with numerous re-login, login 
one more time at the beginning does no harm. (But i already address this 
concern from v2, to reuse the login client if it exists)

I'll address those comments and upload a new patch, if folks still think it 
unnecessary(-1) or "too helpful"(-0), i shall leave it.

> [Auth] Support keytab login in hbase client
> -------------------------------------------
>
>                 Key: HBASE-20886
>                 URL: https://issues.apache.org/jira/browse/HBASE-20886
>             Project: HBase
>          Issue Type: Improvement
>          Components: asyncclient, Client, security
>            Reporter: Reid Chan
>            Assignee: Reid Chan
>            Priority: Critical
>         Attachments: HBASE-20886.master.001.patch, 
> HBASE-20886.master.002.patch, HBASE-20886.master.003.patch, 
> HBASE-20886.master.004.patch
>
>
> There're lots of questions about how to connect to kerberized hbase cluster 
> through hbase-client api from user-mail and slack channel.
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} are 
> already existed in code base, but they are only used in {{Canary}}.
> This issue is to make use of two configs to support client-side keytab based 
> login, after this issue resolved, hbase-client should directly connect to 
> kerberized cluster without changing any code as long as 
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} are 
> specified.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to