Hi, It appears that the Kerberos authentication integration into HBase is via JAAS Krb5LoginModule. That is, I can setup up the "Client" application context and configure where/how the client Kerberos principle is authenticated (TGT). Correct? If I have a multi-tenant application that performs scans/gets/puts based on different users, what is the appropriate way to specify the Kerberos principle to use on each thread? I was thinking that I could use a JAAS callbackHandler to specify the principle to use and then configure the login module to query a keytab for the principal's password key. Or do I have to create a Subject and configure the login module to use the shared state?
What's an application's integration point into specifying what client Kerberos principal to authenticate and use. Thank you! Tony Dean SAS Institute Inc. Senior Software Developer 919-531-6704
