You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Wang, Xinglong (Jira)" <ji...@apache.org> on 2019/11/19 09:32:00 UTC

[jira] [Created] (HBASE-23319) ZKUtil.isSecureZooKeeper does not consider JAAS configuration set programmatically

Wang, Xinglong created HBASE-23319:
--------------------------------------

             Summary: ZKUtil.isSecureZooKeeper does not consider JAAS configuration set programmatically 
                 Key: HBASE-23319
                 URL: https://issues.apache.org/jira/browse/HBASE-23319
             Project: HBase
          Issue Type: Bug
            Reporter: Wang, Xinglong
            Assignee: Wang, Xinglong


There are 2 ways  to specify JAAS for zk 
1st approach is to specify in hbase-env.sh via -Djava.security.auth.login.config=zk_client_jaas.conf

2nd approach is introduced by
https://issues.apache.org/jira/browse/HBASE-4791

However during my test, if I remove jaas related configuration from hbase-env.sh and add the following entries required by HBASE-4791, regionserver can not authenticate with zk successfully

{code:java}
hbase.zookeeper.client.keytab.file
hbase.zookeeper.client.kerberos.principal 
{code}

I checked the code, it failed on this line https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L871

And this will cause the jaas login process break on https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L208

As a result, regionserver will not try to login from keytab in such case.






--
This message was sent by Atlassian Jira
(v8.3.4#803005)