Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-4791

Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      In the currently proposed fix for HBASE-2418, there must be a JAAS file specified in System.setProperty("java.security.auth.login.config").

      However, it might be preferable to construct a JAAS configuration programmatically, as is done with secure Hadoop (see https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).

      This would have the benefit of avoiding a usage of a system property setting, and allow instead an HBase-local configuration setting.

      Attachments

        1. 4791.094v5.txt
          14 kB
          Michael Stack
        2. HBASE-4791-v4.patch
          14 kB
          Michael Stack
        3. HBASE-4791-v4-0.94.patch
          14 kB
          Matteo Bertozzi
        4. HBASE-4791-v4.patch
          14 kB
          Matteo Bertozzi
        5. HBASE-4791-v3.patch
          14 kB
          Matteo Bertozzi
        6. HBASE-4791-v2.patch
          12 kB
          Matteo Bertozzi
        7. HBASE-4791-v1.patch
          12 kB
          Matteo Bertozzi
        8. DemoConfig.java
          3 kB
          Matteo Bertozzi

        Issue Links

          depends upon

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-2418 add support for ZooKeeper authentication

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is part of

          Sub-task - The sub-task of the issue HBASE-6099 Secure ZooKeeper integration changes

          • Major - Major loss of function.
          • Closed

          Umbrella - An overarching type made of sub-tasks HBASE-6096 AccessController v2

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-7829 zookeeper kerberos conf keytab and principal parameters interchanged

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1422 Support _HOST substitution in JAAS configuration

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-1373 Hardcoded SASL login context name clashes with Hadoop security configuration override

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1467 Make server principal configurable at client side.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              mbertozzi Matteo Bertozzi
              ekoontz Eugene Joseph Koontz
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: