FAQ
Hi,

It´s said The REST interface can be set
up<http://hbase.apache.org/book/security.html#d2163e4324>to use a
Kerberos credential to increase security.

http://blog.cloudera.com/blog/2013/03/how-to-use-the-apache-hbase-rest-interface-part-1/

Thanks,

Li Li


2013/9/24 Vikram Srivastava <vikrams@cloudera.com>
Oops, sorry I meant "it doesn't seem like HBase Rest server does any
authentication for clients"

The link says "No authentication will be performed by the REST gateway
itself."

On Mon, Sep 23, 2013 at 11:15 PM, 李黎 wrote:

Hi,

I know it, but it don´t work at the environment configured by the
Cloudera Manager.
where is wrong?

Thanks,

Li Li


2013/9/24 Vikram Srivastava <vikrams@cloudera.com>
+cdh-user

Added cdh-user where we can get more information for HBase. As per
http://hbase.apache.org/book/security.html#d0e5338, it doesn't seem
like HBase Rest server doesn't authentication for clients.

On Mon, Sep 23, 2013 at 7:41 PM, 李黎 wrote:

Hi,

I have configured secure Hdfs and Hbase with Cloudera Manager to enable
Kerberos authorization for HDFS, hue and hbase.
I made sure REST API for WebHDFS is work successfully.
------------
[root@dhcp149216 ~]# kinit user01
Password for user01@mycompany.com:
[root@dhcp149216 ~]# curl --negotiate -u: -i "
http://dhcp149216:50070/webhdfs/v1/user/user01/samp.dat?op=open"
HTTP/1.1 401
Cache-Control: must-revalidate,no-cache,no-store
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Content-Length: 1378
Server: Jetty(6.1.26.cloudera.2)

HTTP/1.1 307 TEMPORARY_REDIRECT
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: application/octet-stream
Set-Cookie: hadoop.auth="u=user01&p=user01@mycompany.com
&t=kerberos&e=1380025210434&s=EHTlCLhBjb09oHHh8mSbapvPp6I=";Path=/
Location:
http://dhcp149216.a01.aist.go.jp:1006/webhdfs/v1/user/user01/samp.dat?op=OPEN&delegation=IAAGdXNlcjAxBnVzZXIwMQCKAUFNxEVOigFBcdDJTgcEFD1nBTkbkBcXKD5PIn8jpnn4g-goEldFQkhERlMgZGVsZWdhdGlvbhQxNTAuMjkuMTQ5LjIxNjo1MDA3MA&namenoderpcaddress=dhcp149216.a01.aist.go.jp:8020&offset=0
Content-Length: 0
Server: Jetty(6.1.26.cloudera.2)
------------

But, I found Kerberos Authentication of Hbase is not done while I
access to Hbase REST gateway.

----
[root@dhcp149216 ~]# kdestroy

[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema
{ NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [
{ NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }[lili@dhcp149251 ~]$
[lili@dhcp149251 ~]$ curl -X DELETE
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl -X PUT -H "Content-Type: application/json"
-d '{"@name":"table1", "ColumnSchema":[{"name":"column1"}]}'
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema{NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [ {
NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }
------
Hbase was configured for Kerberos Authentication , but it can be
accessd by anyone from anywhere, Why ?

Please advice me how to access Hbase gateway with kerberos
Authentication.

[image: 埋め込み画像 1]

Thanks,

Li Li



To unsubscribe from this group and stop receiving emails from it, send
an email to scm-users+unsubscribe@cloudera.org.
To unsubscribe from this group and stop receiving emails from it, send an email to scm-users+unsubscribe@cloudera.org.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 5 of 6 | next ›
Discussion Overview
groupscm-users @
categorieshadoop
postedSep 24, '13 at 2:41a
activeSep 24, '13 at 8:49p
posts6
users3
websitecloudera.com
irc#hadoop

People

Translate

site design / logo © 2022 Grokbase