You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Kevin Risden (JIRA)" <ji...@apache.org> on 2018/01/23 22:47:00 UTC

[jira] [Created] (HBASE-19852) HBase Thrift1 SPNEGO Improvements

Kevin Risden created HBASE-19852:
------------------------------------

             Summary: HBase Thrift1 SPNEGO Improvements
                 Key: HBASE-19852
                 URL: https://issues.apache.org/jira/browse/HBASE-19852
             Project: HBase
          Issue Type: Improvement
          Components: Thrift
            Reporter: Kevin Risden


HBase Thrift1 server has some issues when trying to use SPNEGO.

From mailing list:
http://mail-archives.apache.org/mod_mbox/hbase-user/201801.mbox/%3CCAJU9nmh5YtZ%2BmAQSLo91yKm8pRVzAPNLBU9vdVMCcxHRtRqgoA%40mail.gmail.com%3E

{quote}While setting up the HBase Thrift server with HTTP, there were a
significant amount of 401 errors where the HBase Thrift wasn't able to
handle the incoming Kerberos request. Documentation online is sparse when
it comes to setting up the principal/keytab for HTTP Kerberos.

I noticed that the HBase Thrift HTTP implementation was missing SPNEGO
principal/keytab like other Thrift based servers (HiveServer2). It looks
like HiveServer2 Thrift implementation and HBase Thrift v1 implementation
were very close to the same at one point. I made the following changes to
HBase Thrift v1 server implementation to make it work:
* add SPNEGO principal/keytab if in HTTP mode
* return 401 immediately if no authorization header instead of waiting for
try/catch down in program flow{quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)