Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-4791

Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      In the currently proposed fix for HBASE-2418, there must be a JAAS file specified in System.setProperty("java.security.auth.login.config").

      However, it might be preferable to construct a JAAS configuration programmatically, as is done with secure Hadoop (see https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).

      This would have the benefit of avoiding a usage of a system property setting, and allow instead an HBase-local configuration setting.

      Attachments

        1. 4791.094v5.txt
          14 kB
          Michael Stack
        2. HBASE-4791-v4.patch
          14 kB
          Michael Stack
        3. HBASE-4791-v4-0.94.patch
          14 kB
          Matteo Bertozzi
        4. HBASE-4791-v4.patch
          14 kB
          Matteo Bertozzi
        5. HBASE-4791-v3.patch
          14 kB
          Matteo Bertozzi
        6. HBASE-4791-v2.patch
          12 kB
          Matteo Bertozzi
        7. HBASE-4791-v1.patch
          12 kB
          Matteo Bertozzi
        8. DemoConfig.java
          3 kB
          Matteo Bertozzi

        Issue Links

        depends upon

        Improvement - An improvement or enhancement to an existing feature or task. HBASE-2418 add support for ZooKeeper authentication

        • Critical - Crashes, loss of data, severe memory leak.
        • Closed
        is part of

        Sub-task - The sub-task of the issue HBASE-6099 Secure ZooKeeper integration changes

        • Major - Major loss of function.
        • Closed

        Umbrella - An overarching type made of sub-tasks HBASE-6096 AccessController v2

        • Major - Major loss of function.
        • Closed
        is related to

        Bug - A problem which impairs or prevents the functions of the product. HBASE-7829 zookeeper kerberos conf keytab and principal parameters interchanged

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Closed

        Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1422 Support _HOST substitution in JAAS configuration

        • Major - Major loss of function.
        • Resolved
        relates to

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-1373 Hardcoded SASL login context name clashes with Hadoop security configuration override

        • Major - Major loss of function.
        • Resolved

        Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1467 Make server principal configurable at client side.

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            mbertozzi Matteo Bertozzi
            ekoontz Eugene Joseph Koontz
            Votes:
            0 Vote for this issue
            Watchers:
            13 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment