Please have a look at HBASE-7829

[lars hofhansl <la...@apache.org>]

Especially the security folks (Andy, Gary).


https://issues.apache.org/jira/browse/HBASE-7829

This is a followup to a change introduced in 0.94.4. If this breaks secure operation I would sink the RC (sigh).

-- Lars

Re: Please have a look at HBASE-7829

[lars hofhansl <la...@apache.org>]

Thanks for looking Devaraj and Ted. Francis commented on the issue as well.
We'll fix this for 0.94.6.


-- Lars



----- Original Message -----
From: Devaraj Das <dd...@hortonworks.com>
To: "dev@hbase.apache.org" <de...@hbase.apache.org>; lars hofhansl <la...@apache.org>
Cc: 
Sent: Monday, February 11, 2013 11:15 PM
Subject: Re: Please have a look at HBASE-7829

As mentioned in a comment on HBASE-7829 jira, the old way of
specifying jaas conf still works. That makes it less serious of a
problem. So +1 from me on this release still, but I guess we should
document it in a release note or something.


On Mon, Feb 11, 2013 at 10:19 PM, lars hofhansl <la...@apache.org> wrote:
> I find this in that HBASE-4791 change:
> +    // If keyTab is not specified use the Ticket Cache.
> +    // and set the zookeeper login context name.
> +    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
> +      keytabFilename, principalName);
> +    javax.security.auth.login.Configuration.setConfiguration(jaasConf);
>
>
> This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
> If it's not serious I won't sink the RC. But if it is, we should fix it.
>
> -- Lars
>
>
> ----- Original Message -----
> From: Ted Yu <yu...@gmail.com>
> To: dev@hbase.apache.org; lars hofhansl <la...@apache.org>
> Cc:
> Sent: Monday, February 11, 2013 10:05 PM
> Subject: Re: Please have a look at HBASE-7829
>
> I produced diff of
> src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
> (in 0.94.4) to the tip of 0.94
>
> The code corrected by HBASE-7829 wasn't a regression since 0.94.4
>
> FYI
>
> On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <la...@apache.org> wrote:
>
>> Especially the security folks (Andy, Gary).
>>
>>
>> https://issues.apache.org/jira/browse/HBASE-7829
>>
>> This is a followup to a change introduced in 0.94.4. If this breaks secure
>> operation I would sink the RC (sigh).
>>
>> -- Lars
>>
>>
>

Re: Please have a look at HBASE-7829

[Devaraj Das <dd...@hortonworks.com>]

As mentioned in a comment on HBASE-7829 jira, the old way of
specifying jaas conf still works. That makes it less serious of a
problem. So +1 from me on this release still, but I guess we should
document it in a release note or something.


On Mon, Feb 11, 2013 at 10:19 PM, lars hofhansl <la...@apache.org> wrote:
> I find this in that HBASE-4791 change:
> +    // If keyTab is not specified use the Ticket Cache.
> +    // and set the zookeeper login context name.
> +    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
> +      keytabFilename, principalName);
> +    javax.security.auth.login.Configuration.setConfiguration(jaasConf);
>
>
> This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
> If it's not serious I won't sink the RC. But if it is, we should fix it.
>
> -- Lars
>
>
> ----- Original Message -----
> From: Ted Yu <yu...@gmail.com>
> To: dev@hbase.apache.org; lars hofhansl <la...@apache.org>
> Cc:
> Sent: Monday, February 11, 2013 10:05 PM
> Subject: Re: Please have a look at HBASE-7829
>
> I produced diff of
> src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
> (in 0.94.4) to the tip of 0.94
>
> The code corrected by HBASE-7829 wasn't a regression since 0.94.4
>
> FYI
>
> On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <la...@apache.org> wrote:
>
>> Especially the security folks (Andy, Gary).
>>
>>
>> https://issues.apache.org/jira/browse/HBASE-7829
>>
>> This is a followup to a change introduced in 0.94.4. If this breaks secure
>> operation I would sink the RC (sigh).
>>
>> -- Lars
>>
>>
>

Re: Please have a look at HBASE-7829

[lars hofhansl <la...@apache.org>]

I find this in that HBASE-4791 change:
+    // If keyTab is not specified use the Ticket Cache.
+    // and set the zookeeper login context name.
+    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
+      keytabFilename, principalName);
+    javax.security.auth.login.Configuration.setConfiguration(jaasConf);


This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
If it's not serious I won't sink the RC. But if it is, we should fix it.

-- Lars


----- Original Message -----
From: Ted Yu <yu...@gmail.com>
To: dev@hbase.apache.org; lars hofhansl <la...@apache.org>
Cc: 
Sent: Monday, February 11, 2013 10:05 PM
Subject: Re: Please have a look at HBASE-7829

I produced diff of
src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
(in 0.94.4) to the tip of 0.94

The code corrected by HBASE-7829 wasn't a regression since 0.94.4

FYI

On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <la...@apache.org> wrote:

> Especially the security folks (Andy, Gary).
>
>
> https://issues.apache.org/jira/browse/HBASE-7829
>
> This is a followup to a change introduced in 0.94.4. If this breaks secure
> operation I would sink the RC (sigh).
>
> -- Lars
>
>

Re: Please have a look at HBASE-7829

[Ted Yu <yu...@gmail.com>]

I produced diff of
src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
(in 0.94.4) to the tip of 0.94

The code corrected by HBASE-7829 wasn't a regression since 0.94.4

FYI

On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <la...@apache.org> wrote:

> Especially the security folks (Andy, Gary).
>
>
> https://issues.apache.org/jira/browse/HBASE-7829
>
> This is a followup to a change introduced in 0.94.4. If this breaks secure
> operation I would sink the RC (sigh).
>
> -- Lars
>
>