joshelser commented on issue #884: HBASE-23347 Allowable custom authentication methods for RPCs URL: https://github.com/apache/hbase/pull/884#issuecomment-565166353 > I haven't seen much difference comparing to the old token based authentication, so I'm a bit nervous that we doing a lot of work and then, no one will actually use it... Yeah, it's specifically on the roadmap at Cloudera. I think the unit test I provided gives that impression that we're aren't doing much different since we're not really doing anything fancy server-side. > Can we add a more reasonable example in the hbase-example module, to say that, we do have different authentication methods, comparing to the old provided methods? I've been chatting with Busbey and Wellington about what would be a non-contrived and semi-representative example. It's hard to come up with some single implementation because it 1. relies on lots of infrastructure that is dependent on the company/organization (e.g. ActiveDirectory or PKI) 2. has business/data dependent security policies that have to be applied (e.g. encryption strength) That said, I'm happy to try to put an example together to demonstrate this. The best thing I've been able to come up with is making a userdatabase from a file in HDFS (either a flat file or a JKS), and wiring up HBase to check against that. How does that strike you? Obviously not ready to be deployed in some organization, but sufficiently decoupled that we can keep maintaining it and (hopefully) representative of what you can do.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
