[
https://issues.apache.org/jira/browse/PHOENIX-5006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16697479#comment-16697479
]
Biju Nair edited comment on PHOENIX-5006 at 11/26/18 11:57 PM:
---------------------------------------------------------------
[HBase connection
factory|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionFactory.java#L126]
while creating the
[User|https://github.com/apache/hbase/blob/130057f13774f6b213cdb06952c805a29d59396e/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java#L107]
object checks to see whether security is enable for HBase and Hadoop. To
determine whether security is enabled for
[HBase|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/UserProvider.java#L151]
it uses the config passed, but for
[Hadoop|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/UserProvider.java#L160]
the passed in config is not used but instead calls
[UGI|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/User.java#L260]
isSecurityEnabled(). This fails since there are no “site.xml” in class path.
This is not an issue with creating HBase connection without Phoenix since user
will do a {{UserGroupInformation.setConfiguration(conf)}} before creating a
connection which is not the case through {{Phoenix}}. [~elserj], let me know
your thoughts.
was (Author: gsbiju):
[HBase connection
factory|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionFactory.java#L126]
while creating the
[User|https://github.com/apache/hbase/blob/130057f13774f6b213cdb06952c805a29d59396e/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java#L107]
object checks to see whether security is enable for HBase and Hadoop. To
determine whether security is enabled for
[HBase|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/UserProvider.java#L151]
it uses the config passed, but for
[Hadoop|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/UserProvider.java#L160]
the passed in config is not used but instead calls
[UGI|https://github.com/apache/hbase/blob/a8e184dc77470bdf9d62e19c5d36bc1de7cf4c6d/hbase-common/src/main/java/org/apache/hadoop/hbase/security/User.java#L260]
isSecurityEnabled(). This fails since conf is not set since there are no
“site.xml” in class path. This is not an issue with creating HBase connection
without Phoenix since user will do a
{{UserGroupInformation.setConfiguration(conf)}} before creating a connection
which is not the case through {{Phoenix}}. [~elserj], let me know your
thoughts.
> jdbc connection to secure cluster should be able to use Kerberos ticket of
> user
> -------------------------------------------------------------------------------
>
> Key: PHOENIX-5006
> URL: https://issues.apache.org/jira/browse/PHOENIX-5006
> Project: Phoenix
> Issue Type: Bug
> Reporter: Biju Nair
> Priority: Minor
>
> Currently JDBC connection against a secure Phoenix cluster requires a
> Kerberos principal and keytab to be passed in as part of the connection
> string. But in many instances users may not have a {{Keytab}} especially
> during development. It would be good to support using the logged in users
> Kerberos ticket.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
