HBase Authentication
To configure HBase security, complete the following tasks:
- Configure HBase Authentication: You must establish a mechanism for HBase servers and clients to securely identify themselves with HDFS, ZooKeeper, and
each other. This ensures that hosts are who they claim to be.
Note:
-
To enable HBase to work with Kerberos security, you must perform the installation and configuration steps in Enabling Kerberos Authentication for CDH and ZooKeeper Security Configuration.
-
Although an HBase Thrift server can connect to a secured Hadoop cluster, access is not secured from clients to the HBase Thrift server. To encrypt communication between clients and the HBase Thrift Server, see Configuring TLS/SSL for HBase Thrift Server.
The following sections describe how to use Apache HBase and CDH 6 with Kerberos security: -
- Configure HBase Authorization: You must establish rules for the resources that clients are allowed to access. For more information, see Configuring HBase Authorization.
Using the Hue HBase App
Hue includes an HBase App that allows you to interact with HBase through a Thrift proxy server. Because Hue sits between the Thrift server and the client, the Thrift server assumes that all HBase operations come from the hue user and not the client. To ensure that users in Hue are only allowed to perform HBase operations assigned to their own credentials, and not those of the hue user, you must enable HBase impersonation. For more information about the how to enable doAs Impersonation for the HBase Browser Application, see Enabling the HBase Browser Application with doAs Impersonation.
<< Using Substitution Variables for Flume Kerberos Principal and Keytab | ©2016 Cloudera, Inc. All rights reserved | Configuring Kerberos Authentication for HBase >> |
Terms and Conditions Privacy Policy |