You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hbase.apache.org by Minwoo Kang <mi...@gmail.com> on 2022/01/25 14:20:43 UTC

How to do wire encryption without using kerberos.

Hello, HBase community,

I have a question about HBase security.
If I want to use wire encryption, I should set kerberos and
hbase.rpc.protection=privacy.
Is there any way not to use kerberos?

(This seems like a silly question.)
(I think... If I could safely provide a key to use for encryption, I could
put encryption and decryption logic in the endpoint processor.)

Best regards,
Minwoo

Re: Images missing in hbase blogs

Posted by "张铎(Duo Zhang)" <pa...@gmail.com>.

Thanks for reporting. AFAIK there is no plan yet, the links are from google
doc, will try to contact the authors.

Ranganath Govardhanagiri <rg...@salesforce.com.invalid>
于2022年2月1日周二 17:53写道：

> Hello,
>
> [Sorry if this is already known and somework is planned]
>
> While reading the blogs posts like this - Accordion: HBase Breathes with
> In-Memory Compaction : Apache HBase
> <https://blogs.apache.org/hbase/entry/accordion-hbase-breathes-with-in>, I
> see the figures are missing and I assume those figures would add a lot of
> easinees in understanding the article better.
> Is this known issue and are there plans to restore them?
>
> Thanks!
>

Images missing in hbase blogs

Posted by Ranganath Govardhanagiri <rg...@salesforce.com.INVALID>.

Hello,

[Sorry if this is already known and somework is planned]

While reading the blogs posts like this - Accordion: HBase Breathes with
In-Memory Compaction : Apache HBase
<https://blogs.apache.org/hbase/entry/accordion-hbase-breathes-with-in>, I
see the figures are missing and I assume those figures would add a lot of
easinees in understanding the article better.
Is this known issue and are there plans to restore them?

Thanks!

Re: How to do wire encryption without using kerberos.

Posted by Wellington Chevreuil <we...@gmail.com>.

AFAIK, the answer is no, currently, there's no way to encrypt rpc requests
if not using kerberos. There were some discussions about it in HBASE-26548
<https://issues.apache.org/jira/browse/HBASE-26548> and on this slack thread
<https://apache-hbase.slack.com/archives/C13K8NVAM/p1638980520110600>. The
patch in HBASE-26548 is a very rough PoC taking advantage of netty TLS
capabilities, and hardcoding it in the netty RPC layer. Can be used as a
reference, or refined further to a point where it would be merge ready, if
you are interested in investing some effort on this.