You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Kevin Risden (JIRA)" <ji...@apache.org> on 2018/04/03 03:34:00 UTC
[jira] [Updated] (HBASE-19852) HBase Thrift 1 server SPNEGO
Improvements
[ https://issues.apache.org/jira/browse/HBASE-19852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Risden updated HBASE-19852:
---------------------------------
Attachment: HBASE-19852.master.007.patch.txt
> HBase Thrift 1 server SPNEGO Improvements
> -----------------------------------------
>
> Key: HBASE-19852
> URL: https://issues.apache.org/jira/browse/HBASE-19852
> Project: HBase
> Issue Type: Improvement
> Components: Thrift
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
> Attachments: HBASE-19852.master.001.patch, HBASE-19852.master.002.patch, HBASE-19852.master.003.patch, HBASE-19852.master.004.patch, HBASE-19852.master.006.patch, HBASE-19852.master.007.patch.txt
>
>
> HBase Thrift1 server has some issues when trying to use SPNEGO.
> From mailing list:
> http://mail-archives.apache.org/mod_mbox/hbase-user/201801.mbox/%3CCAJU9nmh5YtZ%2BmAQSLo91yKm8pRVzAPNLBU9vdVMCcxHRtRqgoA%40mail.gmail.com%3E
> {quote}While setting up the HBase Thrift server with HTTP, there were a
> significant amount of 401 errors where the HBase Thrift wasn't able to
> handle the incoming Kerberos request. Documentation online is sparse when
> it comes to setting up the principal/keytab for HTTP Kerberos.
> I noticed that the HBase Thrift HTTP implementation was missing SPNEGO
> principal/keytab like other Thrift based servers (HiveServer2). It looks
> like HiveServer2 Thrift implementation and HBase Thrift v1 implementation
> were very close to the same at one point. I made the following changes to
> HBase Thrift v1 server implementation to make it work:
> * add SPNEGO principal/keytab if in HTTP mode
> * return 401 immediately if no authorization header instead of waiting for
> try/catch down in program flow{quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)