[HBASE-9929] Trusted administration server - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Some deployments would like to avoid needing kerberos principals for taking administrative actions with the HBase shell, substituting their own authentication. The HBase shell is a regular HBase client, which could run anywhere, and cannot be trusted with simple authentication or impersonation of arbitrary users.

Other Hadoop ecosystem components have a service process registered in cluster configuration afforded the elevated privilege of impersonation. For HBase, this could be a trusted administration server that would reside at a fixed location, could be trusted to impersonate, with the shell modified to optionally proxy administrative commands through it.

Carried over from ~~HBASE-2016~~ without comment.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 08/Nov/13 22:27

Updated:: 16/Jun/22 18:29

Resolved:: 12/May/14 03:50