[
https://issues.apache.org/jira/browse/HBASE-20886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16544126#comment-16544126
]
Reid Chan commented on HBASE-20886:
-----------------------------------
A client using one principal to access many other services is normal. UserA
reads HDFS then writes to HBase with Spark; he is still UserA no matter which
process he accesses.
The HDFS (or YARN) principal is in the DataNode or NodeManager process; which
one will a client principal mess up with? Do you mean he is UserA when he reads
HDFS, then UserB when he writes to HBase?
> [Auth] Support keytab login in hbase client
> -------------------------------------------
>
> Key: HBASE-20886
> URL: https://issues.apache.org/jira/browse/HBASE-20886
> Project: HBase
> Issue Type: Improvement
> Components: asyncclient, Client, security
> Reporter: Reid Chan
> Assignee: Reid Chan
> Priority: Critical
> Attachments: HBASE-20886.master.001.patch
>
>
> There are lots of questions about how to connect to a kerberized hbase cluster
> through the hbase-client api, from user-mail and the slack channel.
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} already
> exist in the code base, but they are only used in {{Canary}}.
> This issue is to make use of the two configs to support client-side keytab based
> login. After this issue is resolved, hbase-client should directly connect to a
> kerberized cluster without changing any code, as long as
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} are
> specified.