Ranger plugin(Hive,Hbase,Hawq etc.) use RangerBasePlugin to fetch policies from ranger server, while RangerBasePlugin use RangerAdminRestClient by default to fetch policies. RangerAdminRestClient can be configured to use ssl/tls to do authentication. But my question is that does it support Kerberos authentication(since restclient use http, spnego maybe more specific)?
Hi vperiasamy, I check the Ranger 0.6 release note. It introduce kerberos in BaseClient which is used by hiveclinet, hbaseclient, which is used by lookup.
My question is whether plugin connect to ranger server support Kerberos. Could you please give me more details?
and other Ranger experts,
Could you share what's the typical configuration for Ranger to Hive/HBase (lookup service)after Ranger 0.6 release? Kerberos? or SSL still under use? Thanks a lot!
For connection from Hive/HBase to Ranger for the policy fetch part, what's the typical security configuration? SSL?
Thanks for sharing!
Found that in RangerAdminRESTClient.java, the function getServicePoliciesIfUpdated() use UserGroupInformation.isSecurityEnabled() to check whether to use kerberos.