[
https://issues.apache.org/jira/browse/HBASE-4475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Purtell resolved HBASE-4475.
-----------------------------------
Resolution: Not a Problem
> When running an embedded ThriftServer, use User.runAs() to allow it to run as
> a separate principal from the embedding region server
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-4475
> URL: https://issues.apache.org/jira/browse/HBASE-4475
> Project: HBase
> Issue Type: Improvement
> Components: security, Thrift
> Reporter: Gary Helmling
>
> As discussed over in HBASE-4460, the current approach to ThriftServer
> authentication (provided in HBASE-4099) will not work in an embedded context,
> since the region server will already does a login for the process.
> We could make the embedded thrift server still run as a separate user,
> though, by doing something like the following:
> * add a {{User.loginAndReturnUser()}} variant that delegates to
> {{UserGroupInformation.loginUserFromKeytabAndReturnUGI()}}, then returns a
> wrapping {{User}} instance
> * call this method on startup for the embedded thrift server to get the
> thrift user instance
> * use {{User.runAs()}} to execute the body of {{HRegionThriftServer.run()}}
> as the logged in thrift user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
