Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Some deployments would like to avoid needing kerberos principals for taking administrative actions with the HBase shell, substituting their own authentication. The HBase shell is a regular HBase client, which could run anywhere, and cannot be trusted with simple authentication or impersonation of arbitrary users.

      Other Hadoop ecosystem components have a service process registered in cluster configuration afforded the elevated privilege of impersonation. For HBase, this could be a trusted administration server that would reside at a fixed location, could be trusted to impersonate, with the shell modified to optionally proxy administrative commands through it.

      Carried over from HBASE-2016 without comment.

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Andrew Purtell
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development