You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Wang, Xinglong (Jira)" <ji...@apache.org> on 2019/11/19 09:32:00 UTC
[jira] [Created] (HBASE-23319) ZKUtil.isSecureZooKeeper does not
consider JAAS configuration set programmatically
Wang, Xinglong created HBASE-23319:
--------------------------------------
Summary: ZKUtil.isSecureZooKeeper does not consider JAAS configuration set programmatically
Key: HBASE-23319
URL: https://issues.apache.org/jira/browse/HBASE-23319
Project: HBase
Issue Type: Bug
Reporter: Wang, Xinglong
Assignee: Wang, Xinglong
There are 2 ways to specify JAAS for zk
1st approach is to specify in hbase-env.sh via -Djava.security.auth.login.config=zk_client_jaas.conf
2nd approach is introduced by
https://issues.apache.org/jira/browse/HBASE-4791
However during my test, if I remove jaas related configuration from hbase-env.sh and add the following entries required by HBASE-4791, regionserver can not authenticate with zk successfully
{code:java}
hbase.zookeeper.client.keytab.file
hbase.zookeeper.client.kerberos.principal
{code}
I checked the code, it failed on this line https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L871
And this will cause the jaas login process break on https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L208
As a result, regionserver will not try to login from keytab in such case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)