Why Thrift over HTTP with SSL authentication? Doesn't Thrift support SASL? (I think it does.) Does that make more sense?
Yeah, Thrift does support SASL. But the problem with this apart from validating client to Thrift, there is no way(at least I couldn't find any) to specify "doAs" for each request made through the client.
All of our client access methods use Kerberos authentication except for hbase-rest, which already provides support for data access over HTTP/HTTPS.
This feature is a customer ask and they seem to be contended with using Thrift interface and not interested in migrating to REST interface. They just requested us to add provision for "doAs" support.
We need a HBase access via HTTP option in Thrift too?
I did have an offline chat with Jimmy Xiang about how to go about solving this problem. He suggested me to adapt the existing hive mechanism (
HIVE-6738). But, if you think there is a better way, please do suggest...