[
https://issues.apache.org/jira/browse/HBASE-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396583#comment-13396583
]
Matteo Bertozzi commented on HBASE-4791:
----------------------------------------
{quote}
Configuration.setConfiguration - Doesn't seems to be a clean approach.
What happens when you want to use multiple ZK clusters from same ZK client?
{quote}
Is not the same as what happens today? You can specify one single jaas.conf and
You've just one Client section read.
{quote}
Other problem with this approach is concurrency issues. No?
Think of the following scenario from a HBase client application which accesses
HBase and ZooKeeper for various puposes.
{quote}
What do you mean by HBase Client, for me the only hbase client interested by
this change is Master and Region Server.
And the configuration is set at startup. Check the User.login() that does the
exactly same thing in RS and Master code, is exactly the same.
{quote}
What's your opinion on providing this as part of ZooKeeper client code allowing
clients to configure thru constructor.
ZooKeeper(conf) - conf may be Map/ZKConfig/Properties/some other better data
structure.
{quote}
This sounds good anyway, just to have a clear way to specify the authentication
by code in a less hackish way
> Allow Secure Zookeeper JAAS configuration to be programmatically set (rather
> than only by reading JAAS configuration file)
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-4791
> URL: https://issues.apache.org/jira/browse/HBASE-4791
> Project: HBase
> Issue Type: Improvement
> Components: security, zookeeper
> Reporter: Eugene Koontz
> Assignee: Eugene Koontz
> Labels: security, zookeeper
> Attachments: DemoConfig.java, HBASE-4791-v0.patch
>
>
> In the currently proposed fix for HBASE-2418, there must be a JAAS file
> specified in System.setProperty("java.security.auth.login.config").
> However, it might be preferable to construct a JAAS configuration
> programmatically, as is done with secure Hadoop (see
> https://github.com/apache/hadoop-common/blob/a48eceb62c9b5c1a5d71ee2945d9eea2ed62527b/src/java/org/apache/hadoop/security/UserGroupInformation.java#L175).
> This would have the benefit of avoiding a usage of a system property setting,
> and allow instead an HBase-local configuration setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
