It´s said The REST interface can be set
up<http://hbase.apache.org/book/security.html#d2163e4324>to use a
Kerberos credential to increase security.
http://blog.cloudera.com/blog/2013/03/how-to-use-the-apache-hbase-rest-interface-part-1/
Thanks,
Li Li
2013/9/24 Vikram Srivastava <vikrams@cloudera.com>
Oops, sorry I meant "it doesn't seem like HBase Rest server does any
authentication for clients"
The link says "No authentication will be performed by the REST gateway
itself."
To unsubscribe from this group and stop receiving emails from it, send an email to scm-users+unsubscribe@cloudera.org.authentication for clients"
The link says "No authentication will be performed by the REST gateway
itself."
On Mon, Sep 23, 2013 at 11:15 PM, 李黎 wrote:
Hi,
I know it, but it don´t work at the environment configured by the
Cloudera Manager.
where is wrong?
Thanks,
Li Li
2013/9/24 Vikram Srivastava <vikrams@cloudera.com>
Hi,
I know it, but it don´t work at the environment configured by the
Cloudera Manager.
where is wrong?
Thanks,
Li Li
2013/9/24 Vikram Srivastava <vikrams@cloudera.com>
+cdh-user
Added cdh-user where we can get more information for HBase. As per
http://hbase.apache.org/book/security.html#d0e5338, it doesn't seem
like HBase Rest server doesn't authentication for clients.
Added cdh-user where we can get more information for HBase. As per
http://hbase.apache.org/book/security.html#d0e5338, it doesn't seem
like HBase Rest server doesn't authentication for clients.
On Mon, Sep 23, 2013 at 7:41 PM, 李黎 wrote:
Hi,
I have configured secure Hdfs and Hbase with Cloudera Manager to enable
Kerberos authorization for HDFS, hue and hbase.
I made sure REST API for WebHDFS is work successfully.
------------
[root@dhcp149216 ~]# kinit user01
Password for user01@mycompany.com:
[root@dhcp149216 ~]# curl --negotiate -u: -i "
http://dhcp149216:50070/webhdfs/v1/user/user01/samp.dat?op=open"
HTTP/1.1 401
Cache-Control: must-revalidate,no-cache,no-store
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Content-Length: 1378
Server: Jetty(6.1.26.cloudera.2)
HTTP/1.1 307 TEMPORARY_REDIRECT
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: application/octet-stream
Set-Cookie: hadoop.auth="u=user01&p=user01@mycompany.com
&t=kerberos&e=1380025210434&s=EHTlCLhBjb09oHHh8mSbapvPp6I=";Path=/
Location:
http://dhcp149216.a01.aist.go.jp:1006/webhdfs/v1/user/user01/samp.dat?op=OPEN&delegation=IAAGdXNlcjAxBnVzZXIwMQCKAUFNxEVOigFBcdDJTgcEFD1nBTkbkBcXKD5PIn8jpnn4g-goEldFQkhERlMgZGVsZWdhdGlvbhQxNTAuMjkuMTQ5LjIxNjo1MDA3MA&namenoderpcaddress=dhcp149216.a01.aist.go.jp:8020&offset=0
Content-Length: 0
Server: Jetty(6.1.26.cloudera.2)
------------
But, I found Kerberos Authentication of Hbase is not done while I
access to Hbase REST gateway.
----
[root@dhcp149216 ~]# kdestroy
[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema
{ NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [
{ NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }[lili@dhcp149251 ~]$
[lili@dhcp149251 ~]$ curl -X DELETE
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl -X PUT -H "Content-Type: application/json"
-d '{"@name":"table1", "ColumnSchema":[{"name":"column1"}]}'
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema{NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [ {
NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }
------
Hbase was configured for Kerberos Authentication , but it can be
accessd by anyone from anywhere, Why ?
Please advice me how to access Hbase gateway with kerberos
Authentication.
[image: 埋め込み画像 1]
Thanks,
Li Li
To unsubscribe from this group and stop receiving emails from it, send
an email to scm-users+unsubscribe@cloudera.org.
Hi,
I have configured secure Hdfs and Hbase with Cloudera Manager to enable
Kerberos authorization for HDFS, hue and hbase.
I made sure REST API for WebHDFS is work successfully.
------------
[root@dhcp149216 ~]# kinit user01
Password for user01@mycompany.com:
[root@dhcp149216 ~]# curl --negotiate -u: -i "
http://dhcp149216:50070/webhdfs/v1/user/user01/samp.dat?op=open"
HTTP/1.1 401
Cache-Control: must-revalidate,no-cache,no-store
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Content-Length: 1378
Server: Jetty(6.1.26.cloudera.2)
HTTP/1.1 307 TEMPORARY_REDIRECT
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Date: Tue, 24 Sep 2013 02:20:10 GMT
Pragma: no-cache
Content-Type: application/octet-stream
Set-Cookie: hadoop.auth="u=user01&p=user01@mycompany.com
&t=kerberos&e=1380025210434&s=EHTlCLhBjb09oHHh8mSbapvPp6I=";Path=/
Location:
http://dhcp149216.a01.aist.go.jp:1006/webhdfs/v1/user/user01/samp.dat?op=OPEN&delegation=IAAGdXNlcjAxBnVzZXIwMQCKAUFNxEVOigFBcdDJTgcEFD1nBTkbkBcXKD5PIn8jpnn4g-goEldFQkhERlMgZGVsZWdhdGlvbhQxNTAuMjkuMTQ5LjIxNjo1MDA3MA&namenoderpcaddress=dhcp149216.a01.aist.go.jp:8020&offset=0
Content-Length: 0
Server: Jetty(6.1.26.cloudera.2)
------------
But, I found Kerberos Authentication of Hbase is not done while I
access to Hbase REST gateway.
----
[root@dhcp149216 ~]# kdestroy
[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema
{ NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [
{ NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }[lili@dhcp149251 ~]$
[lili@dhcp149251 ~]$ curl -X DELETE
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl -X PUT -H "Content-Type: application/json"
-d '{"@name":"table1", "ColumnSchema":[{"name":"column1"}]}'
http://dhcp149216:20550/table1/schema
[lili@dhcp149251 ~]$ curl http://dhcp149216:20550/table1/schema{NAME=> 'table1', IS_META => 'false', IS_ROOT => 'false', COLUMNS => [ {
NAME => 'column1', BLOCKSIZE => '65536', BLOOMFILTER => 'NONE',
MIN_VERSIONS => '0', KEEP_DELETED_CELLS => 'false', ENCODE_ON_DISK =>
'true', BLOCKCACHE => 'true', COMPRESSION => 'NONE', VERSIONS => '3',
REPLICATION_SCOPE => '0', TTL => '2147483647', DATA_BLOCK_ENCODING =>
'NONE', IN_MEMORY => 'false' } ] }
------
Hbase was configured for Kerberos Authentication , but it can be
accessd by anyone from anywhere, Why ?
Please advice me how to access Hbase gateway with kerberos
Authentication.
[image: 埋め込み画像 1]
Thanks,
Li Li
To unsubscribe from this group and stop receiving emails from it, send
an email to scm-users+unsubscribe@cloudera.org.