[
https://issues.apache.org/jira/browse/HBASE-12640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14238383#comment-14238383
]
Srikanth Srungarapu commented on HBASE-12640:
---------------------------------------------
bq. Why Thrift over HTTP with SSL authentication? Doesn't Thrift support SASL?
(I think it does.) Does that make more sense?
Yeah, Thrift does support SASL. But the problem with this apart from validating
client to Thrift, there is no way(at least I couldn't find any) to specify
"doAs" for each request made through the client.
bq. All of our client access methods use Kerberos authentication except for
hbase-rest, which already provides support for data access over HTTP/HTTPS.
This feature is a customer ask and they seem to be contended with using Thrift
interface and not interested in migrating to REST interface. They just
requested us to add provision for "doAs" support.
bq. We need a HBase access via HTTP option in Thrift too?
I did have an offline chat with [~jxiang] about how to go about solving this
problem. He suggested me to adapt the existing hive mechanism (HIVE-6738). But,
if you think there is a better way, please do suggest...
> Add doAs support for Thrift Server
> ----------------------------------
>
> Key: HBASE-12640
> URL: https://issues.apache.org/jira/browse/HBASE-12640
> Project: HBase
> Issue Type: Improvement
> Components: Thrift
> Reporter: Srikanth Srungarapu
> Assignee: Srikanth Srungarapu
> Attachments: HBASE-12640_v1.patch
>
>
> In HBASE-11349, impersonation support has been added to Thrift Server. But
> the limitation is thrift client must use same set of credentials throughout
> the session. These changes will help us in circumventing this problem, by
> allowing user to populate doAs parameter as per his needs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
