[jira] [Commented] (HBASE-4791) Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

[Matteo Bertozzi (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13395890#comment-13395890
 ] 

Matteo Bertozzi commented on HBASE-4791:
----------------------------------------

{quote}Configuration.setConfiguration overwrites the default configuration. May 
cause problems, if client application also expects this way.{quote}
If your configuration keeps the previous one and returns the previous one when 
someone request data not handled by this custom configuration, I don't see 
where is the problem. Is just adding a new property to the conf. Maybe there's 
a better way then override login.Configuration

{quote}For every ZooKeeper client connection we need to do this 
Configuration.setConfiguration.{quote}
Is not per connection but per process, this means Region Servers and Master. In 
the draft patch attached at startup RS and Master calls ZKUtil.Login to setup 
the LoginContext the same thing as UserLogin does now. 
                
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather 
> than only by reading JAAS configuration file)
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-4791
>                 URL: https://issues.apache.org/jira/browse/HBASE-4791
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, zookeeper
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>              Labels: security, zookeeper
>         Attachments: DemoConfig.java, HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file 
> specified in     System.setProperty("java.security.auth.login.config"). 
> However, it might be preferable to construct a JAAS configuration 
> programmatically, as is done with secure Hadoop (see 
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting, 
> and allow instead an HBase-local configuration setting. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira