[
https://issues.apache.org/jira/browse/HBASE-28317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17809944#comment-17809944
]
Bryan Beaudreault commented on HBASE-28317:
-------------------------------------------
Thanks for the thoughts [~ndimiduk]. Just to be clear, I do agree that adding
the cert to RpcCall seems in line with existing conventions. So no problems
with it as-is, more just thinking of the bigger picture. In hindsight, that
line of thinking might have been best explored in a different jira. If anyone
else has useful suggestions/context to provide in response to your comment,
I'll make sure to copy it into a new Jira for posterity and further discussion.
Your idea around doing some upfront general parsing is interesting, if there is
any opportunity there.
> RpcCallContext should expose client's TLS certificate
> -----------------------------------------------------
>
> Key: HBASE-28317
> URL: https://issues.apache.org/jira/browse/HBASE-28317
> Project: HBase
> Issue Type: Improvement
> Reporter: Charles Connell
> Assignee: Charles Connell
> Priority: Minor
>
> At my employer we plan on using a coprocessor to log information about some
> requests to HBase. For this to be useful to us, we need to know who each
> request is coming from. We use HBase's TLS support with mutual authentication
> to authenticate clients. I'd like a way to expose the client certificate used
> on a request to coprocessors. For setups using Kerberos authentication,
> RpcCall exposes the Kerberos principal shortname via {{getRequestUser()}}, so
> this would be the TLS equivalent to that.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
