[ https://issues.apache.org/jira/browse/HBASE-19852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16405709#comment-16405709 ]
Kevin Risden commented on HBASE-19852:
--------------------------------------

So this apparently created a second review board link.... not 100% sure why. I'll close the first one and keep the autogenerated one. Making sure I address all the initial review comments.

> HBase Thrift 1 server SPNEGO Improvements
> -----------------------------------------
>
> Key: HBASE-19852
> URL: https://issues.apache.org/jira/browse/HBASE-19852
> Project: HBase
> Issue Type: Improvement
> Components: Thrift
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
> Attachments: HBASE-19852.master.001.patch,
> HBASE-19852.master.002.patch
>
>
> HBase Thrift1 server has some issues when trying to use SPNEGO.
> From mailing list:
> http://mail-archives.apache.org/mod_mbox/hbase-user/201801.mbox/%3CCAJU9nmh5YtZ%2BmAQSLo91yKm8pRVzAPNLBU9vdVMCcxHRtRqgoA%40mail.gmail.com%3E
> {quote}While setting up the HBase Thrift server with HTTP, there were a
> significant amount of 401 errors where the HBase Thrift wasn't able to
> handle the incoming Kerberos request. Documentation online is sparse when
> it comes to setting up the principal/keytab for HTTP Kerberos.
> I noticed that the HBase Thrift HTTP implementation was missing SPNEGO
> principal/keytab like other Thrift based servers (HiveServer2). It looks
> like HiveServer2 Thrift implementation and HBase Thrift v1 implementation
> were very close to the same at one point. I made the following changes to
> HBase Thrift v1 server implementation to make it work:
> * add SPNEGO principal/keytab if in HTTP mode
> * return 401 immediately if no authorization header instead of waiting for
> try/catch down in program flow{quote}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)