[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eugene Koontz updated HBASE-4791:
-
Issue Type: Improvement (was: Bug)
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v1.patch
I'll try to explain how the jaas.conf works...
On the first call of javax.security.auth.login.Configuration.getConfiguration()
"login.configuration.provider" property is checked to see what is the
Configuration class that handle the jaas.
If the property is not set "com.sun.security.auth.login.ConfigFile" is used as
jaas.conf reader...
It checks if the "java.security.auth.login.config" was specified, and if so it
reads the file and keep the "jaas options".
So in your JVM there's just one single instance of auth.login.Configuration
running.
The idea here, is to avoid to specify the
-Djava.security.auth.login.config=jaas.conf for HBase Region Server and HBase
Master, and use instead the hbase-site. One simple way to do that is to create
a custom auth.login.Configuration class that returns the "jaas option" for
needed to HBase.
Now you've to options to use your Configuration class: setting the
"login.configuration.provider" property to pointing to the proper class the
other way is to call auth.login.Configuration.setConfiguration() and provide
the custom configuration class.
I've choosen the second way since you don't have to rely on "Have I already
called Configuration.getConfiguration()" somewhere? and put the setProperty()
as first line... but the only thing to be aware is "do this before connect to
zookeeper".
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v0.patch, HBASE-4791-v1.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: (was: HBASE-4791-v1.patch)
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: (was: HBASE-4791-v0.patch)
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v1.patch
Attached a patch that depends on ZOOKEEPER-1497, just to be able to start
secure zookeeper from hbase (non distributed mode).
using instead hbase-site.xml configuration
* hbase.zookeeper.client.keytab.file
* hbase.zookeeper.client.kerberos.principal
"Client" properties are used by HBase Master and Region Servers.
* hbase.zookeeper.server.keytab.file
* hbase.zookeeper.server.kerberos.principal
"Server" properties are used by Quorum Peer when zookeepe is not external.
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v2.patch
Instead of adding a new property and relative function I've tried this way:
The only properties are still keyTab.file and principal, just loginClient()
function.
If there's no keyTabFile you use the ticket cache.
Otherwise there's the strange case where you can set ticketCache=false and no
keyTab.
What do you think?
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch, HBASE-4791-v2.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v0.patch
I've attached a first draft patch that allows Master, Region Servers and Quorum
Peer to be started without
{code}-Djava.security.auth.login.config=jaas.conf{code}
but using instead hbase-site.xml configuration
* hbase.zookeeper.client.keytab.file
* hbase.zookeeper.client.kerberos.principal
"Client" properties are used by HBase Master and Region Servers.
* hbase.zookeeper.server.keytab.file
* hbase.zookeeper.server.kerberos.principal
"Server" properties are used by Quorum Peer when zookeepe is not external.
Anyway you still need to specify the login.config -D option when you're using
the hbase shell or your client application.
_Refactoring a bit hadoop.security.UserGroupInformation and extracting
HadoopConfiguration, we can remove the JaasConfiguration code and simplify the
ZK Login._
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Laxman updated HBASE-4791:
--
Component/s: zookeeper
security
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: DemoConfig.java
yes ZOOKEEPER-1373 adds the support for having multiple loginContext.
But if you take a look at the code "java.security.auth.login.config" is not
required, is checked just if the entry is not present.
So, using by creating a new LoginContext and a login.Configuration by code you
can avoid the jaas.conf
I've attached a simple Demo to help you understand what I'm talking about. If
you supply the jaas.conf from the command line that one is used, otherwise a
new Conf is created by code.
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
>Reporter: Eugene Koontz
>Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v3.patch
Now that ZOOKEEPER-1437 I think that we're ready to go with this one. I've
rebased the patch and fixed some comments.
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Status: Patch Available (was: Open)
Passing by hadoopqa.
In the below, 'localhost' is right always Matteo?
{code}
+// login the zookeeper server principal (if using security)
+ZKUtil.loginServer(conf, "hbase.zookeeper.server.keytab.file",
+ "hbase.zookeeper.server.kerberos.principal", "localhost");
{code}
Otherwise patch looks good. Needs release note boss.
Is this trunk only? Or you want it in 0.94 too?
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-4791:
---
Attachment: HBASE-4791-v4-0.94.patch
HBASE-4791-v4.patch
Added v4 patch for trunk and 0.94
Replaced "localhost" with null.
SecurityUtil.getServerPrincipal(), and more specifically
SecurityUtil.replacePattern() calls getLocalHost() if hostname is null.
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Attachment: HBASE-4791-v4.patch
Reapplying Matteo's patch so hadoopqa finds the trunk version
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Status: Open (was: Patch Available)
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Status: Patch Available (was: Open)
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Resolution: Fixed
Fix Version/s: 0.96.0
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Thanks for answers. Thanks for patch Matteo. Committed to trunk.
[~lhofhansl] Ok to backport this one?
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Fix For: 0.96.0
>
> Attachments: DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Attachment: 4791.094v5.txt
What I applied to 0.94 (a few imports were rejected).
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Fix For: 0.96.0
>
> Attachments: 4791.094v5.txt, DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stack updated HBASE-4791:
-
Fix Version/s: 0.94.4
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, Zookeeper
>Reporter: Eugene Koontz
>Assignee: Matteo Bertozzi
> Labels: security, zookeeper
> Fix For: 0.96.0, 0.94.4
>
> Attachments: 4791.094v5.txt, DemoConfig.java, HBASE-4791-v1.patch,
> HBASE-4791-v2.patch, HBASE-4791-v3.patch, HBASE-4791-v4-0.94.patch,
> HBASE-4791-v4.patch, HBASE-4791-v4.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
