Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-19852

HBase Thrift 1 server SPNEGO Improvements

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha-1, 2.1.0
    • Thrift
    • None
    • Reviewed
    • Hide
      Adds two new properties for hbase-site.xml for THRIFT SPNEGO when in HTTP mode:
      * hbase.thrift.spnego.keytab.file
      * hbase.thrift.spnego.principal
      Show
      Adds two new properties for hbase-site.xml for THRIFT SPNEGO when in HTTP mode: * hbase.thrift.spnego.keytab.file * hbase.thrift.spnego.principal

    Description

      HBase Thrift1 server has some issues when trying to use SPNEGO.

      From mailing list:
      http://mail-archives.apache.org/mod_mbox/hbase-user/201801.mbox/%3CCAJU9nmh5YtZ%2BmAQSLo91yKm8pRVzAPNLBU9vdVMCcxHRtRqgoA%40mail.gmail.com%3E

      While setting up the HBase Thrift server with HTTP, there were a
      significant amount of 401 errors where the HBase Thrift wasn't able to
      handle the incoming Kerberos request. Documentation online is sparse when
      it comes to setting up the principal/keytab for HTTP Kerberos.

      I noticed that the HBase Thrift HTTP implementation was missing SPNEGO
      principal/keytab like other Thrift based servers (HiveServer2). It looks
      like HiveServer2 Thrift implementation and HBase Thrift v1 implementation
      were very close to the same at one point. I made the following changes to
      HBase Thrift v1 server implementation to make it work:

      • add SPNEGO principal/keytab if in HTTP mode
      • return 401 immediately if no authorization header instead of waiting for
        try/catch down in program flow

      Attachments

        1. HBASE-19852.master.001.patch
          14 kB
          Kevin Risden
        2. HBASE-19852.master.002.patch
          52 kB
          Kevin Risden
        3. HBASE-19852.master.003.patch
          52 kB
          Kevin Risden
        4. HBASE-19852.master.004.patch
          53 kB
          Kevin Risden
        5. HBASE-19852.master.006.patch
          53 kB
          Kevin Risden
        6. HBASE-19852.master.007.patch.txt
          53 kB
          Kevin Risden
        7. HBASE-19852.master.008.patch
          53 kB
          Kevin Risden
        8. HBASE-19852.master.009.patch
          52 kB
          Kevin Risden
        9. HBASE-19852.master.010.patch
          52 kB
          Kevin Risden
        10. HBASE-19852.master.011.patch
          52 kB
          Kevin Risden
        11. HBASE-19852.master.012.patch
          55 kB
          Kevin Risden
        12. HBASE-19852.master.013.patch
          55 kB
          Kevin Risden

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            krisden Kevin Risden
            krisden Kevin Risden
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment