[
https://issues.apache.org/jira/browse/HBASE-12230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167764#comment-14167764
]
Aditya Kishore commented on HBASE-12230:
----------------------------------------
Let's assume that an organization has set up authentication at the REST gateway
which is the only entry point into the Hadoop/HBase cluster and hence would
like to not enable security inside the cluster. They also want to carry the
identity of the user that they verified at the REST gateway to the HBase
service for audit purpose.
Even HBase RPC advertises
[this|https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java#L1769]
but fails since the proxy group configuration was not loaded at the time of
initialization.
> User impersonation does not work in 'simple' mode.
> --------------------------------------------------
>
> Key: HBASE-12230
> URL: https://issues.apache.org/jira/browse/HBASE-12230
> Project: HBase
> Issue Type: Bug
> Components: REST, security
> Affects Versions: 0.98.6.1
> Reporter: Aditya Kishore
> Assignee: Aditya Kishore
> Attachments:
> HBASE-12230-User-impersonation-does-not-work-in-simp.patch
>
>
> The [code responsible for initializing proxy
> configuration|https://github.com/apache/hbase/blob/7cfdb38c9274e306ac37374c147a978c2cef31d6/hbase-server/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java#L54]
> does not execute unless {{"hadoop.security.authorization"}} is set to true.
> This is departure from other Hadoop components. Impersonation should not be
> tied to authorization.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
