[
https://issues.apache.org/jira/browse/HBASE-9929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817898#comment-13817898
]
Mikhail Antonov commented on HBASE-9929:
----------------------------------------
Yes, I agree that's not really HBase feature, more like very custom requirement
which has to be implemented as a custom solution.
> Trusted administration server
> -----------------------------
>
> Key: HBASE-9929
> URL: https://issues.apache.org/jira/browse/HBASE-9929
> Project: HBase
> Issue Type: New Feature
> Reporter: Andrew Purtell
>
> Some deployments would like to avoid needing kerberos principals for taking
> administrative actions with the HBase shell, substituting their own
> authentication. The HBase shell is a regular HBase client, which could run
> anywhere, and cannot be trusted with simple authentication or impersonation
> of arbitrary users.
> Other Hadoop ecosystem components have a service process registered in
> cluster configuration afforded the elevated privilege of impersonation. For
> HBase, this could be a trusted administration server that would reside at a
> fixed location, could be trusted to impersonate, with the shell modified to
> optionally proxy administrative commands through it.
> Carried over from HBASE-2016 without comment.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
