You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hbase.apache.org by kumar r <ku...@gmail.com> on 2016/10/04 11:59:37 UTC
HBase thrift C# impersonation
Hi,
I need example for C# HBase thrift with doAs header.
First of all, setting the below property isn't enough to enable
authentication/impersonation?
<property>
<name>hbase.thrift.security.qop</name>
<value>auth-conf</value>
</property>
After setting this property, i cannot access HBase via C# thrift. I need
example to access HBase with doAs via C# thrift client.
Help me to get it work.
Thanks in advance,
Kumar
Re: HBase thrift C# impersonation
Posted by kumar r <ku...@gmail.com>.
Hi,
I have enabled doAs property as said in
http://hbase.apache.org/book.html#security.gateway.thrift.doas
<property>
<name>hbase.thrift.kerberos.principal</name>
<value>principal</value>
</property>
<property>
<name>hbase.thrift.keytab.file</name>
<value>keytab</value>
</property>
<property>
<name>hbase.thrift.ssl.enabled</name>
<value>true</value>
</property>
<property>
<name>hbase.thrift.ssl.keystore.store</name>
<value>keystorelocation</value>
</property>
<property>
<name>hbase.thrift.ssl.keystore.password</name>
<value>keystorepassword</value>
</property>
<property>
<name>hbase.thrift.ssl.keystore.keypassword</name>
<value>keypasspassword</value>
</property>
<property>
<name>hbase.thrift.security.qop</name>
<value>auth-conf</value>
</property>
<property>
<name>hbase.regionserver.thrift.http</name>
<value>true</value>
</property>
<property>
<name>hbase.thrift.support.proxyuser</name>
<value>true</value>
</property>
But when i run the DemoClient, facing errors
*hbase org.apache.hadoop.hbase.thrift.HttpDoAsClient machine1.example.com
<http://machine1.example.com> 10003 Kumar true*
Error logs - http://pastebin.com/ULSBi3Ci
and getting below WARN messages in HBase thrift server logs
2016-10-06 11:33:39,540 WARN [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:33:50,791 WARN [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,266 WARN [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,272 WARN [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
Did i missed anything?
Help me to resolve the errors.
Thanks.
On Wed, Oct 5, 2016 at 2:50 PM, kumar r <ku...@gmail.com> wrote:
> Hi Dima,
>
> Thanks for the update. Let me check further.
>
> On Wed, Oct 5, 2016 at 2:28 AM, Dima Spivak <di...@apache.org> wrote:
>
>> Hey Kumar,
>>
>> The ref guide section on enabling security for the Thrift gateway [1] is a
>> good place to start. Have you gone through that?
>>
>> 1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
>>
>> -Dima
>>
>> On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I need example for C# HBase thrift with doAs header.
>> >
>> > First of all, setting the below property isn't enough to enable
>> > authentication/impersonation?
>> >
>> > <property>
>> > <name>hbase.thrift.security.qop</name>
>> > <value>auth-conf</value>
>> > </property>
>> >
>> > After setting this property, i cannot access HBase via C# thrift. I need
>> > example to access HBase with doAs via C# thrift client.
>> >
>> > Help me to get it work.
>> >
>> > Thanks in advance,
>> > Kumar
>> >
>>
>
>
Re: HBase thrift C# impersonation
Posted by kumar r <ku...@gmail.com>.
Hi Dima,
Thanks for the update. Let me check further.
On Wed, Oct 5, 2016 at 2:28 AM, Dima Spivak <di...@apache.org> wrote:
> Hey Kumar,
>
> The ref guide section on enabling security for the Thrift gateway [1] is a
> good place to start. Have you gone through that?
>
> 1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
>
> -Dima
>
> On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:
>
> > Hi,
> >
> > I need example for C# HBase thrift with doAs header.
> >
> > First of all, setting the below property isn't enough to enable
> > authentication/impersonation?
> >
> > <property>
> > <name>hbase.thrift.security.qop</name>
> > <value>auth-conf</value>
> > </property>
> >
> > After setting this property, i cannot access HBase via C# thrift. I need
> > example to access HBase with doAs via C# thrift client.
> >
> > Help me to get it work.
> >
> > Thanks in advance,
> > Kumar
> >
>
Re: HBase thrift C# impersonation
Posted by Dima Spivak <di...@apache.org>.
Hey Kumar,
The ref guide section on enabling security for the Thrift gateway [1] is a
good place to start. Have you gone through that?
1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
-Dima
On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:
> Hi,
>
> I need example for C# HBase thrift with doAs header.
>
> First of all, setting the below property isn't enough to enable
> authentication/impersonation?
>
> <property>
> <name>hbase.thrift.security.qop</name>
> <value>auth-conf</value>
> </property>
>
> After setting this property, i cannot access HBase via C# thrift. I need
> example to access HBase with doAs via C# thrift client.
>
> Help me to get it work.
>
> Thanks in advance,
> Kumar
>