[
https://issues.apache.org/jira/browse/HBASE-15780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15283299#comment-15283299
]
Sean Busbey commented on HBASE-15780:
-------------------------------------
{quote}
Looks good to me for 1.3. The only comment is that I would prefer to mark
interfaces as public-evolving to have a little bit more of a room if we need
to, but that's a nit in fact.
{quote}
I had considered making them IA.Evolving but 1) these things don't appear to
change much thus far and 2) this is something pretty critical to downstream
applications, so changing it has a high cost even if we say it's experimental.
{quote}
Personally I think it would be a little cleaner if UGI handled this itself the
same way it does with refreshing tickets from the credential cache, but that's
not something we can really control. I have a patch up on HADOOP-9567 that adds
a background thread for keytab based logins but it doesn't look to be getting
any traction.
{quote}
Part of what I really like on this approach is that we hide UGI entirely from
downstream users. HBase users shouldn't have to care about Hadoop
Authentication stuff, IMHO. although we are still exposing
hadoop.Configuration, that's historically been a much more straightforward part
of Hadoop.
> Expose AuthUtil as IA.Public
> ----------------------------
>
> Key: HBASE-15780
> URL: https://issues.apache.org/jira/browse/HBASE-15780
> Project: HBase
> Issue Type: New Feature
> Components: API, security
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Priority: Critical
> Fix For: 2.0.0, 1.4.0
>
> Attachments: HBASE-15780.1.patch
>
>
> Make AuthUtils IA.Public so that we can point it out to folks who want to
> build long-lived services that talk to secure HBase clusters without
> concerning them with Hadoop APIs like UGI.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
