Details
- New Feature
- Status: Closed
- Major
- Resolution: Not A Problem
Description
Some deployments would like to avoid needing Kerberos principals for taking administrative actions with the HBase shell, substituting their own authentication. The HBase shell is a regular HBase client, which could run anywhere, and cannot be trusted with simple authentication or impersonation of arbitrary users.
Other Hadoop ecosystem components have a service process registered in cluster configuration afforded the elevated privilege of impersonation. For HBase, this could be a trusted administration server that would reside at a fixed location, could be trusted to impersonate, with the shell modified to optionally proxy administrative commands through it.
Carried over from HBASE-2016 without comment.