I am using Cloudera Hadoop cluster in which kerberos security is enabled. But in properties file I have mention the hbase.encryption as none. So I need to change the value of property hbase.rpc.protection as none in hbase-site.xml. I tried to set this property value to none but it failed because in Cloudera it shows only authentication, privacy and integrity option. So does anyone have solution for this? Thanks in advance.
Asked
Active
Viewed 1,317 times
0
1 Answers
0
You can only choose authentication, integrity, or privacy for hbase.rpc.protection. When it is set to none, it defaults to authentication. This can be seen in hbase-client/src/main/java/org/apache/hadoop/hbase/security/SaslUtil.java:
/**
* @param rpcProtection Value of 'hbase.rpc.protection' configuration.
* @return Map with values for SASL properties.
*/
static Map<String, String> initSaslProperties(String rpcProtection) {
String saslQop;
if (rpcProtection.isEmpty()) {
saslQop = QualityOfProtection.AUTHENTICATION.getSaslQop();
} else {
String[] qops = rpcProtection.split(",");
....
Configuring Encrypted HBase Data Transport Using Cloudera Manager states the following:
Search for the HBase Transport Security property and select one of the following:
- authentication: Enables simple authentication using Kerberos.
integrity: Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
privacy: Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity. Set this property to privacy to enable secure RPC transport.
So by choosing authentication or integrity you are not encrypting RPC traffic.
tk421
- 5,775
- 6
- 23
- 34