You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Nick Dimiduk (Jira)" <ji...@apache.org> on 2020/05/13 19:27:00 UTC

[jira] [Reopened] (HBASE-24190) Case-sensitive use of configuration parameter hbase.security.authentication

     [ https://issues.apache.org/jira/browse/HBASE-24190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Dimiduk reopened HBASE-24190:
----------------------------------

The commits applied do not conform to the project requirements for including a Jira ticket and matching between the commit title and jira summary. Responsible committer, please revert and reapply everywhere. Thanks.

> Case-sensitive use of configuration parameter hbase.security.authentication
> ---------------------------------------------------------------------------
>
>                 Key: HBASE-24190
>                 URL: https://issues.apache.org/jira/browse/HBASE-24190
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Yuanliang Zhang
>            Assignee: Rushabh Shah
>            Priority: Major
>             Fix For: 3.0.0-alpha-1, 2.3.0, 1.7.0, 2.1.10, 1.4.14, 2.2.5
>
>
> In hbase-20586 (https://issues.apache.org/jira/browse/HBASE-20586)
> (commit_sha: [https://github.com/apache/hbase/commit/cd61bcc0] )
> The code added ([SyncTable.java|https://github.com/apache/hbase/commit/cd61bcc0#diff-d1b79635f33483bf6226609e91fd1cc3]) for the use of *hbase.security.authentication* is case-sensitive. So users setting it to “KERBEROS” won’t take effect. 
>  
> {code:java}
>  private void initCredentialsForHBase(String zookeeper, Job job) throws IOException {
>    Configuration peerConf = HBaseConfiguration.createClusterConf(job.getConfiguration(), zookeeper);
>    if(peerConf.get("hbase.security.authentication").equals("kerberos")){
>      TableMapReduceUtil.initCredentialsForCluster(job, peerConf);    }
>  }
> {code}
>  
> However, in current code base, other uses of *hbase.security.authentication* are all case-insensitive. For example in *MasterFileSystem.java.* 
>  
> {code:java}
> public MasterFileSystem(Configuration conf) throws IOException{   
>   ...   
>   this.isSecurityEnabled = "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication"));  
>   ... 
> }
> {code}
>  
> The doc in GitHub repo is also misleading (Giving upper-case value).
> {quote}As a distributed database, HBase must be able to authenticate users and HBase services across an untrusted network. Clients and HBase services are treated equivalently in terms of authentication (and this is the only time we will draw such a distinction).
> There are currently three modes of authentication which are supported by HBase today via the configuration property {{hbase.security.authentication}}
> {{1.SIMPLE}}
> {{2.KERBROS}}
> {{3.TOKEN}}
> {quote}
> Users may misconfigure the parameter because of the case-senstive problem.
> *How To Fix*
> Using *eqaulsIgnoreCase* API consistently in every place when using *hbase.security.authentication* or make it clear in Doc.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)