You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Bharath Vissapragada (Jira)" <ji...@apache.org> on 2020/09/16 16:15:00 UTC

[jira] [Updated] (HBASE-25051) DIGEST based auth broken for MasterRegistry

     [ https://issues.apache.org/jira/browse/HBASE-25051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bharath Vissapragada updated HBASE-25051:
-----------------------------------------
    Affects Version/s: 1.7.0
                       3.0.0-alpha-1
                       2.3.0

> DIGEST based auth broken for MasterRegistry
> -------------------------------------------
>
>                 Key: HBASE-25051
>                 URL: https://issues.apache.org/jira/browse/HBASE-25051
>             Project: HBase
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0-alpha-1, 2.3.0, 1.7.0
>            Reporter: Bharath Vissapragada
>            Assignee: Bharath Vissapragada
>            Priority: Minor
>
> DIGEST-MD5 based sasl auth depends on cluster-ID to obtain tokens. With master registry, we have a circular dependency here because master registry needs an rpcClient to talk to masters (and to get cluster ID) and rpc-Client needs a clusterId if DIGEST based auth is configured. Earlier, there was a ZK client that has its own authentication mechanism to fetch the cluster ID.
> HBASE-23330, I think doesn't fully fix the problem. It depends on an active connection to fetch delegation tokens for the MR job and that inherently assumes that the active connection does not use a DIGEST auth.
> It is not clear to me how common it is to use DIGEST based auth in connections.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)