hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9706) Improve detection of secure ZooKeeper
Date Fri, 04 Oct 2013 20:44:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13786595#comment-13786595

Matteo Bertozzi commented on HBASE-9706:

patch looks good to me, and also the client should be able to connect to zookeeper even without
jaas.conf since all znodes accessed by the client should be WORLD_READABLE (set by ZKUtil.createACL())

[~apurtell] [~ghelmling] thoughts?

> Improve detection of secure ZooKeeper
> -------------------------------------
>                 Key: HBASE-9706
>                 URL: https://issues.apache.org/jira/browse/HBASE-9706
>             Project: HBase
>          Issue Type: Bug
>          Components: Client
>    Affects Versions: 0.94.4, 0.95.0
>         Environment: Java 6, RHEL, HBase 0.94.9
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>         Attachments: JIRA-9706-0.94.patch, JIRA-9706-0.95-trunk.patch
> HBase client code assumes ZooKeeper is secured, as long as there is a java.security.auth.login.config
property being set.  When HBase client is embedded in other java program with other security
configuration, it can produce wrong assumption that ZooKeeper is secured.  Ideally, isSecureZooKeeper
method should detect Jaas configuration specifically for ZooKeeper to ensure that client program
doesn't have a false positive detection.

This message was sent by Atlassian JIRA

View raw message