You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hbase.apache.org by kumar r <ku...@gmail.com> on 2016/10/04 11:59:37 UTC

HBase thrift C# impersonation

Hi,

I need example for C# HBase thrift with doAs header.

First of all, setting the below property isn't enough to enable
authentication/impersonation?

  <property>
    <name>hbase.thrift.security.qop</name>
    <value>auth-conf</value>
  </property>

After setting this property, i cannot access HBase via C# thrift. I need
example to access HBase with doAs via C# thrift client.

Help me to get it work.

Thanks in advance,
Kumar

Re: HBase thrift C# impersonation

Posted by kumar r <ku...@gmail.com>.

Hi,

I have enabled doAs property as said in
http://hbase.apache.org/book.html#security.gateway.thrift.doas

  <property>
    <name>hbase.thrift.kerberos.principal</name>
    <value>principal</value>
  </property>
  <property>
    <name>hbase.thrift.keytab.file</name>
    <value>keytab</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.enabled</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.store</name>
    <value>keystorelocation</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.password</name>
    <value>keystorepassword</value>
  </property>
  <property>
    <name>hbase.thrift.ssl.keystore.keypassword</name>
    <value>keypasspassword</value>
  </property>
  <property>
    <name>hbase.thrift.security.qop</name>
    <value>auth-conf</value>
  </property>
  <property>
    <name>hbase.regionserver.thrift.http</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.thrift.support.proxyuser</name>
    <value>true</value>
  </property>

But when i run the DemoClient, facing errors

*hbase org.apache.hadoop.hbase.thrift.HttpDoAsClient machine1.example.com
<http://machine1.example.com> 10003 Kumar true*

Error logs - http://pastebin.com/ULSBi3Ci

and getting below WARN messages in HBase thrift server logs

2016-10-06 11:33:39,540 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:33:50,791 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,266 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?
2016-10-06 11:34:04,272 WARN  [191407184@qtp-4591636-0] mortbay.log:
javax.net.s
sl.SSLException: Unrecognized SSL message, plaintext connection?

Did i missed anything?

Help me to resolve the errors.

Thanks.

On Wed, Oct 5, 2016 at 2:50 PM, kumar r <ku...@gmail.com> wrote:

> Hi Dima,
>
> Thanks for the update. Let me check further.
>
> On Wed, Oct 5, 2016 at 2:28 AM, Dima Spivak <di...@apache.org> wrote:
>
>> Hey Kumar,
>>
>> The ref guide section on enabling security for the Thrift gateway [1] is a
>> good place to start. Have you gone through that?
>>
>> 1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
>>
>> -Dima
>>
>> On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I need example for C# HBase thrift with doAs header.
>> >
>> > First of all, setting the below property isn't enough to enable
>> > authentication/impersonation?
>> >
>> >   <property>
>> >     <name>hbase.thrift.security.qop</name>
>> >     <value>auth-conf</value>
>> >   </property>
>> >
>> > After setting this property, i cannot access HBase via C# thrift. I need
>> > example to access HBase with doAs via C# thrift client.
>> >
>> > Help me to get it work.
>> >
>> > Thanks in advance,
>> > Kumar
>> >
>>
>
>

Re: HBase thrift C# impersonation

Posted by kumar r <ku...@gmail.com>.

Hi Dima,

Thanks for the update. Let me check further.

On Wed, Oct 5, 2016 at 2:28 AM, Dima Spivak <di...@apache.org> wrote:

> Hey Kumar,
>
> The ref guide section on enabling security for the Thrift gateway [1] is a
> good place to start. Have you gone through that?
>
> 1. http://hbase.apache.org/book.html#security.gateway.thrift.doas
>
> -Dima
>
> On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:
>
> > Hi,
> >
> > I need example for C# HBase thrift with doAs header.
> >
> > First of all, setting the below property isn't enough to enable
> > authentication/impersonation?
> >
> >   <property>
> >     <name>hbase.thrift.security.qop</name>
> >     <value>auth-conf</value>
> >   </property>
> >
> > After setting this property, i cannot access HBase via C# thrift. I need
> > example to access HBase with doAs via C# thrift client.
> >
> > Help me to get it work.
> >
> > Thanks in advance,
> > Kumar
> >
>

Re: HBase thrift C# impersonation

Posted by Dima Spivak <di...@apache.org>.

Hey Kumar,

The ref guide section on enabling security for the Thrift gateway [1] is a
good place to start. Have you gone through that?

1. http://hbase.apache.org/book.html#security.gateway.thrift.doas

-Dima

On Tue, Oct 4, 2016 at 4:59 AM, kumar r <ku...@gmail.com> wrote:

> Hi,
>
> I need example for C# HBase thrift with doAs header.
>
> First of all, setting the below property isn't enough to enable
> authentication/impersonation?
>
>   <property>
>     <name>hbase.thrift.security.qop</name>
>     <value>auth-conf</value>
>   </property>
>
> After setting this property, i cannot access HBase via C# thrift. I need
> example to access HBase with doAs via C# thrift client.
>
> Help me to get it work.
>
> Thanks in advance,
> Kumar
>