Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-20886

[Auth] Support keytab login in hbase client

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0, 2.2.0
    • Component/s: asyncclient, Client, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      From 2.2.0, hbase supports client login via keytab. To use this feature, client should specify `hbase.client.keytab.file` and `hbase.client.keytab.principal` in hbase-site.xml, then the connection will contain the needed credentials which be renewed periodically to communicate with kerberized hbase cluster.
      Show
      From 2.2.0, hbase supports client login via keytab. To use this feature, client should specify `hbase.client.keytab.file` and `hbase.client.keytab.principal` in hbase-site.xml, then the connection will contain the needed credentials which be renewed periodically to communicate with kerberized hbase cluster.

      Description

      There're lots of questions about how to connect to kerberized hbase cluster through hbase-client api from user-mail and slack channel.

      hbase.client.keytab.file and hbase.client.keytab.principal are already existed in code base, but they are only used in Canary.

      This issue is to make use of two configs to support client-side keytab based login, after this issue resolved, hbase-client should directly connect to kerberized cluster without changing any code as long as hbase.client.keytab.file and hbase.client.keytab.principal are specified.

        Attachments

        1. HBASE-20886.master.008.patch
          35 kB
          Reid Chan
        2. HBASE-20886.master.007.patch
          35 kB
          Reid Chan
        3. HBASE-20886.master.006.patch
          35 kB
          Reid Chan
        4. HBASE-20886.master.005.patch
          35 kB
          Reid Chan
        5. HBASE-20886.master.004.patch
          31 kB
          Reid Chan
        6. HBASE-20886.master.003.patch
          31 kB
          Reid Chan
        7. HBASE-20886.master.002.patch
          34 kB
          Reid Chan
        8. HBASE-20886.master.001.patch
          32 kB
          Reid Chan

          Issue Links

            Activity

              People

              • Assignee:
                reidchan Reid Chan
                Reporter:
                reidchan Reid Chan
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: