[
https://issues.apache.org/jira/browse/HBASE-20886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16544133#comment-16544133
]
Duo Zhang commented on HBASE-20886:
-----------------------------------
Anyway, the problem here is that, if a user wants to connect to HBase, HDFS and
YARN, if we have options for each of them, then we will login the UGI three
times, which does not make sense...
For canary it is OK because it is a service, but hbase-client is a library...
> [Auth] Support keytab login in hbase client
> -------------------------------------------
>
> Key: HBASE-20886
> URL: https://issues.apache.org/jira/browse/HBASE-20886
> Project: HBase
> Issue Type: Improvement
> Components: asyncclient, Client, security
> Reporter: Reid Chan
> Assignee: Reid Chan
> Priority: Critical
> Attachments: HBASE-20886.master.001.patch
>
>
> There're lots of questions about how to connect to kerberized hbase cluster
> through hbase-client api from user-mail and slack channel.
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} are
> already existed in code base, but they are only used in {{Canary}}.
> This issue is to make use of two configs to support client-side keytab based
> login, after this issue resolved, hbase-client should directly connect to
> kerberized cluster without changing any code as long as
> {{hbase.client.keytab.file}} and {{hbase.client.keytab.principal}} are
> specified.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
