[ https://issues.apache.org/jira/browse/HBASE-9929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817776#comment-13817776 ]

Gary Helmling commented on HBASE-9929:
--------------------------------------

Rewording my comment from HBASE-2016 in order to capture it here as well:

I don't really see a proxy for HBase shell, which would need its own Kerberos 
credentials and would have to perform its own authentication of clients, as 
core HBase functionality. Instead it's like putting a proxy in place in order 
to circumvent security.  Instead, I think the best direction for HBase would be 
to invest effort to support pluggable authentication of clients at the RPC 
layer, using the same mechanisms under development for Hadoop.

However, if someone does want to invest the effort to support an impersonating 
proxy for shell commands as an optional service, that is completely up to them, 
as long as it does not undermine core security.

> Trusted administration server
> -----------------------------
>
>                 Key: HBASE-9929
>                 URL: https://issues.apache.org/jira/browse/HBASE-9929
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Andrew Purtell
>
> Some deployments would like to avoid needing Kerberos principals for taking 
> administrative actions with the HBase shell, substituting their own 
> authentication. The HBase shell is a regular HBase client, which could run 
> anywhere, and cannot be trusted with simple authentication or impersonation 
> of arbitrary users. 
> Other Hadoop ecosystem components have a service process registered in 
> cluster configuration afforded the elevated privilege of impersonation. For 
> HBase, this could be a trusted administration server that would reside at a 
> fixed location, could be trusted to impersonate, with the shell modified to 
> optionally proxy administrative commands through it.
> Carried over from HBASE-2016 without comment.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
