Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-20886

[Auth] Support keytab login in hbase client

    XMLWordPrintableJSON

Details

    • Reviewed
    • Hide
      From 2.2.0, hbase supports client login via keytab. To use this feature, client should specify `hbase.client.keytab.file` and `hbase.client.keytab.principal` in hbase-site.xml, then the connection will contain the needed credentials which be renewed periodically to communicate with kerberized hbase cluster.
      Show
      From 2.2.0, hbase supports client login via keytab. To use this feature, client should specify `hbase.client.keytab.file` and `hbase.client.keytab.principal` in hbase-site.xml, then the connection will contain the needed credentials which be renewed periodically to communicate with kerberized hbase cluster.

    Description

      There're lots of questions about how to connect to kerberized hbase cluster through hbase-client api from user-mail and slack channel.

      hbase.client.keytab.file and hbase.client.keytab.principal are already existed in code base, but they are only used in Canary.

      This issue is to make use of two configs to support client-side keytab based login, after this issue resolved, hbase-client should directly connect to kerberized cluster without changing any code as long as hbase.client.keytab.file and hbase.client.keytab.principal are specified.

      Attachments

        1. HBASE-20886.master.001.patch
          32 kB
          Reid Chan
        2. HBASE-20886.master.002.patch
          34 kB
          Reid Chan
        3. HBASE-20886.master.003.patch
          31 kB
          Reid Chan
        4. HBASE-20886.master.004.patch
          31 kB
          Reid Chan
        5. HBASE-20886.master.005.patch
          35 kB
          Reid Chan
        6. HBASE-20886.master.006.patch
          35 kB
          Reid Chan
        7. HBASE-20886.master.007.patch
          35 kB
          Reid Chan
        8. HBASE-20886.master.008.patch
          35 kB
          Reid Chan

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. HBASE-24954 incorrect value for AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL

          • Major - Major loss of function.
          • Open
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9567 Provide auto-renewal for keytab based logins

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          supercedes

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-15779 Examples should use programmatic keytab auth

          • Major - Major loss of function.
          • Open

          Activity

            People

              reidchan Reid Chan
              reidchan Reid Chan
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: