phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleksandr Saraseka <asaras...@eztexting.com>
Subject Re: Phoenix non-Kerberos security ?
Date Mon, 04 Nov 2019 09:11:26 GMT
It's working fine with Kerberos, but we use streaming Spark jobs on Google
Dataproc cluster and seems it has some problems to make Spark -> Phoenix
JDBC -> HBase working, so I'm trying to find some workaround to keep HBase
unsecure and have "protection from mistake" for PQS that users use.

On Mon, Nov 4, 2019 at 11:02 AM anil gupta <anilgupta84@gmail.com> wrote:

> To the best of my knowledge Phoenix/HBase only supports Kerberos.
> In past, i have used secure HBase/Phoenix cluster in web services and it
> worked fine. Kerberos can be integrated with AD. But, you might need to
> check whether Queryserver supports security or not. In worst case, a
> potential workaround would be to put Phoenix query server behind a
> homegrown webservice that authenticates and authorizes the users before
> forwarding the request to Queryserver.
>
> HTH,
> Anil Gupta
>
> On Mon, Nov 4, 2019 at 12:45 AM Aleksandr Saraseka <
> asaraseka@eztexting.com> wrote:
>
>> Hello community.
>> Does Phoenix have some kind of security for authentication and
>> authorization other then Kerberos ?
>> We're allowing our users connect to our cluster with QueryServer, but at
>> the same time we want to authenticate them and control what kind of access
>> they can have (read only, write only to some tables) without enabling
>> Kerberos for HBase/HDFS clusters.
>>
>> --
>> Aleksandr Saraseka
>> DBA
>> 380997600401
>>  *•*  asaraseka@eztexting.com  *•*  eztexting.com
>> <http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>>
>> <http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>> <https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
>>
>
>
> --
> Thanks & Regards,
> Anil Gupta
>


-- 
Aleksandr Saraseka
DBA
380997600401
 *•*  asaraseka@eztexting.com  *•*  eztexting.com
<http://eztexting.com?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://facebook.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://linkedin.com/company/eztexting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<http://twitter.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.youtube.com/eztexting?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.instagram.com/ez_texting/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.facebook.com/alex.saraseka?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>
<https://www.linkedin.com/in/alexander-saraseka-32616076/?utm_source=WiseStamp&utm_medium=email&utm_term=&utm_content=&utm_campaign=signature>

Mime
View raw message