You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Hao Hao (JIRA)" <ji...@apache.org> on 2018/01/26 01:30:00 UTC
[jira] [Resolved] (KUDU-2267) Client may see negotiation failure
when talks to master followers with only self signed cert
[ https://issues.apache.org/jira/browse/KUDU-2267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hao Hao resolved KUDU-2267.
---------------------------
Resolution: Fixed
Fix Version/s: 1.7.0
Target Version/s: 1.7.0
> Client may see negotiation failure when talks to master followers with only self signed cert
> ---------------------------------------------------------------------------------------------
>
> Key: KUDU-2267
> URL: https://issues.apache.org/jira/browse/KUDU-2267
> Project: Kudu
> Issue Type: Improvement
> Components: client
> Affects Versions: 1.6.0
> Reporter: Hao Hao
> Priority: Major
> Fix For: 1.7.0
>
>
> Currently, if a master has never been a leader from the very start of the cluster, it has just self-signed cert. And if a client does not have valid Kerberos credential but only authenticated token, then the client may see {{org.apache.kudu.client.NonRecoverableException: Server requires Kerberos, but this client is not authenticated}} error when trying to connect to master followers. Since in that case SASL authentication type is chosen instead of token for authentication.
> It is safe to ignore this error, as long as client is able to connect to master leader. However, for a long term fix, masters should probably attempt to get a signed cert from the leader.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)