hbase

hbase 安全配置

标签： hbase 安全

用http（https）保证web UI

使用http设置

hbase.ssl.enabled=true
hbase.master.info.port
hbase.regionserver.info.port

问题官网发还没解决。

客户端安全访问HBase

0.92版本以后，支持SASL
前期准备工作：

1. hadoop Authenticantion configuration

   hbase.security.authentication=kerberos
   hadoop.security.authentication=kerberos

2. Kerberos KDC

   Server-side Configuration for Secure Operation

   配置文件hbase-site.xml

 <property>
<name>hbase.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hbase.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider</value>
</property>

Client-side Configuration for Secure Operation

<property>
<name>hbase.security.authentication</name>
<value>kerberos</value>
</property>

如果设置RPC进行配置加密，需要添加

<property>
<name>hbase.rpc.protection</name>
<value>privacy</value>
</property>

Client-side Configuration for Secure Operation -

Thrift Gateway

<property>
<name>hbase.thrift.keytab.file</name>
<value>/etc/hbase/conf/hbase.keytab</value>
</property>
<property>
<name>hbase.thrift.kerberos.principal</name>
<value>$USER/_HOST@HADOOP.LOCALDOMAIN</value>
<!-- TODO: This may need to be HTTP/_HOST@<REALM> and _HOST may not work.
You may have to put the concrete full hostname.
-->
</property>
<!-- Add these if you need to configure a different DNS interface from the default -->
<property>
<name>hbase.thrift.dns.interface</name>
<value>default</value>
</property>
<property>
<name>hbase.thrift.dns.nameserver</name>
<value>default</value>
</property>
不写了 用的时候再说！