the static UGI loginUser?
>
> consumers can choose to take the thread-local hit or not.
>
> -Tony
>
> -Original Message-
> From: Andrew Purtell [mailto:apurt...@apache.org]
> Sent: Thursday, July 12, 2012 4:09 PM
> To: user@hbase.apache.org
> Subject: Re: hbase m
Wouldn't this work:
User user =
User.create(UserGroupInformation.createProxyUser(userToImpersonate,
UserGroupInformation.getLoginUser()))
//Run the regionserver operation within a runAs (authentication will happen
using the credentials of the loginuser)
user.runAs(...)
At the RPC layer, the c
r not.
-Tony
-Original Message-
From: Andrew Purtell [mailto:apurt...@apache.org]
Sent: Thursday, July 12, 2012 4:09 PM
To: user@hbase.apache.org
Subject: Re: hbase multi-user security
On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean wrote:
> I'm wondering how that proxy user can be inje
On Thu, Jul 12, 2012 at 12:44 PM, Tony Dean wrote:
> I'm wondering how that proxy user can be injected into the RPC connection
> when making requests.
Right, hence the suggestion to be able to set User per thread, at
least, via a thread local, so you can set at will and RPC will pick it
up.
Be
: RE: hbase multi-user security
Thanks Andy for the reply.
I understand your normal use case...
If we are hosting we could create separate Web apps per client so that
authentication occurs for each client back to the same hbase/hadoop cluster...
therefore, each client would see only the data that
Sent: Wednesday, July 11, 2012 3:11 PM
To: user@hbase.apache.org
Subject: Re: hbase multi-user security
On Wed, Jul 11, 2012 at 11:51 AM, Tony Dean wrote:
> Yes, I saw that. But one you have a User how do you get the SecureClient
> connection to use it? It seems to just call User.getCurr
On Jul 11, 2012, at 10:41 AM, Tony Dean wrote:
> Hi,
>
> Looking into hbase security, it appears that when HBaseRPC is creating a
> proxy (e.g., SecureRpcEngine), it injects the current user:
> User.getCurrent() which by default is the cached Kerberos TGT (kinit'ed user
> - using the "hadoop-u
On Wed, Jul 11, 2012 at 11:51 AM, Tony Dean wrote:
> Yes, I saw that. But one you have a User how do you get the SecureClient
> connection to use it? It seems to just call User.getCurrent(). And its
> static so there can only be 1.
I think Hadoop's UserGroupInformation is the same, static.
.
-Original Message-
From: Ted Yu [mailto:yuzhih...@gmail.com]
Sent: Wednesday, July 11, 2012 1:49 PM
To: user@hbase.apache.org
Subject: Re: hbase multi-user security
Have you seen the following method in User.java ?
public static User create(UserGroupInformation ugi) {
if (ugi == null
Have you seen the following method in User.java ?
public static User create(UserGroupInformation ugi) {
if (ugi == null) {
return null;
}
return new SecureHadoopUser(ugi);
}
It wraps an underlying UserGroupInformation instance.
Cheers
On Wed, Jul 11, 2012 at 10:41 AM, Tony
10 matches
Mail list logo
