Andrew Purtell created HBASE-9929:
-------------------------------------
Summary: Trusted administration server
Key: HBASE-9929
URL: https://issues.apache.org/jira/browse/HBASE-9929
Project: HBase
Issue Type: New Feature
Reporter: Andrew Purtell
Some deployments would like to avoid needing kerberos principals for taking
administrative actions with the HBase shell, substituting their own
authentication. The HBase shell is a regular HBase client, which could run
anywhere, and cannot be trusted with simple authentication or impersonation of
arbitrary users.
Other Hadoop ecosystem components have a service process registered in cluster
configuration afforded the elevated privilege of impersonation. For HBase, this
could be a trusted administration server that would reside at a fixed location,
could be trusted to impersonate, with the shell modified to optionally proxy
administrative commands through it.
Carried over from HBASE-2016 without comment.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
