You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Bharath Vissapragada (Jira)" <ji...@apache.org> on 2020/09/16 16:14:00 UTC

[jira] [Created] (HBASE-25051) DIGEST based auth broken for MasterRegistry

Bharath Vissapragada created HBASE-25051:
--------------------------------------------

             Summary: DIGEST based auth broken for MasterRegistry
                 Key: HBASE-25051
                 URL: https://issues.apache.org/jira/browse/HBASE-25051
             Project: HBase
          Issue Type: Sub-task
            Reporter: Bharath Vissapragada
            Assignee: Bharath Vissapragada


DIGEST-MD5 based sasl auth depends on cluster-ID to obtain tokens. With master registry, we have a circular dependency here because master registry needs an rpcClient to talk to masters (and to get cluster ID) and rpc-Client needs a clusterId if DIGEST based auth is configured. Earlier, there was a ZK client that has its own authentication mechanism to fetch the cluster ID.

HBASE-23330, I think doesn't fully fix the problem. It depends on an active connection to fetch delegation tokens for the MR job and that inherently assumes that the active connection does not use a DIGEST auth.

It is not clear to me how common it is to use DIGEST based auth in connections.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)