You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@phoenix.apache.org by Aleksandr Saraseka <as...@eztexting.com> on 2019/11/04 08:45:31 UTC
Phoenix non-Kerberos security ?
Hello community.
Does Phoenix have some kind of security for authentication and
authorization other then Kerberos ?
We're allowing our users connect to our cluster with QueryServer, but at
the same time we want to authenticate them and control what kind of access
they can have (read only, write only to some tables) without enabling
Kerberos for HBase/HDFS clusters.
--
Aleksandr Saraseka
DBA
380997600401
*•* asaraseka@eztexting.com *•* eztexting.com
<http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
Re: Phoenix non-Kerberos security ?
Posted by Aleksandr Saraseka <as...@eztexting.com>.
It's working fine with Kerberos, but we use streaming Spark jobs on Google
Dataproc cluster and seems it has some problems to make Spark -> Phoenix
JDBC -> HBase working, so I'm trying to find some workaround to keep HBase
unsecure and have "protection from mistake" for PQS that users use.
On Mon, Nov 4, 2019 at 11:02 AM anil gupta <an...@gmail.com> wrote:
> To the best of my knowledge Phoenix/HBase only supports Kerberos.
> In past, i have used secure HBase/Phoenix cluster in web services and it
> worked fine. Kerberos can be integrated with AD. But, you might need to
> check whether Queryserver supports security or not. In worst case, a
> potential workaround would be to put Phoenix query server behind a
> homegrown webservice that authenticates and authorizes the users before
> forwarding the request to Queryserver.
>
> HTH,
> Anil Gupta
>
> On Mon, Nov 4, 2019 at 12:45 AM Aleksandr Saraseka <
> asaraseka@eztexting.com> wrote:
>
>> Hello community.
>> Does Phoenix have some kind of security for authentication and
>> authorization other then Kerberos ?
>> We're allowing our users connect to our cluster with QueryServer, but at
>> the same time we want to authenticate them and control what kind of access
>> they can have (read only, write only to some tables) without enabling
>> Kerberos for HBase/HDFS clusters.
>>
>> --
>> Aleksandr Saraseka
>> DBA
>> 380997600401
>> *•* asaraseka@eztexting.com *•* eztexting.com
>> <http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>>
>> <http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>>
>
>
> --
> Thanks & Regards,
> Anil Gupta
>
--
Aleksandr Saraseka
DBA
380997600401
*•* asaraseka@eztexting.com *•* eztexting.com
<http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
Re: Phoenix non-Kerberos security ?
Posted by anil gupta <an...@gmail.com>.
To the best of my knowledge Phoenix/HBase only supports Kerberos.
In past, i have used secure HBase/Phoenix cluster in web services and it
worked fine. Kerberos can be integrated with AD. But, you might need to
check whether Queryserver supports security or not. In worst case, a
potential workaround would be to put Phoenix query server behind a
homegrown webservice that authenticates and authorizes the users before
forwarding the request to Queryserver.
HTH,
Anil Gupta
On Mon, Nov 4, 2019 at 12:45 AM Aleksandr Saraseka <as...@eztexting.com>
wrote:
> Hello community.
> Does Phoenix have some kind of security for authentication and
> authorization other then Kerberos ?
> We're allowing our users connect to our cluster with QueryServer, but at
> the same time we want to authenticate them and control what kind of access
> they can have (read only, write only to some tables) without enabling
> Kerberos for HBase/HDFS clusters.
>
> --
> Aleksandr Saraseka
> DBA
> 380997600401
> *•* asaraseka@eztexting.com *•* eztexting.com
> <http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>
> <http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
> <https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>
--
Thanks & Regards,
Anil Gupta