hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13772) Replication endpoints should restrict access to the service principal
Date Mon, 25 May 2015 17:22:17 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14558396#comment-14558396 ]

Andrew Purtell commented on HBASE-13772:
----------------------------------------

Endpoints should restrict RPC access to only the HBase service principal, or, optionally,
a specific principal specified in site configuration.

I think this should be a blocker for all pending releases.

> Replication endpoints should restrict access to the service principal
> ---------------------------------------------------------------------
>
>                 Key: HBASE-13772
>                 URL: https://issues.apache.org/jira/browse/HBASE-13772
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>            Priority: Blocker
>             Fix For: 2.0.0, 0.98.13, 1.0.2, 1.2.0, 1.1.1
>
>
> Replication endpoints will accept RPC connections from any Kerberos principal that is
> trusted by the endpoint's local KDC. This is far too open and may allow for the establishment
> of rogue endpoints (in conjunction with HBASE-13771).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
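
The restriction requested in the comment above, as an added sketch that is not HBase code and not taken from the issue: after Kerberos has authenticated the caller, the endpoint still decides whether that principal is the one it will serve. The class and method names, the `*` any-host wildcard and the sample principals are all assumptions made for this illustration.

```java
import java.util.List;

// Added illustration, not HBase source. All names here are hypothetical and
// the sample principals are constructed.
public class EndpointCallerCheck {
    // {primary, instance (null = any host), realm} of the one allowed principal
    private final String[] allowed;

    // allowedPrincipal: "primary/instance@REALM"; instance "*" matches any host.
    public EndpointCallerCheck(String allowedPrincipal) {
        String[] p = split(allowedPrincipal);
        if (p == null) throw new IllegalArgumentException("bad principal: " + allowedPrincipal);
        if ("*".equals(p[1])) p[1] = null;
        this.allowed = p;
    }

    // Split "primary[/instance]@REALM"; returns null when the name is malformed.
    static String[] split(String name) {
        if (name == null) return null;
        int at = name.lastIndexOf('@');
        if (at <= 0 || at == name.length() - 1) return null;
        String left = name.substring(0, at);
        int slash = left.indexOf('/');
        String primary = slash < 0 ? left : left.substring(0, slash);
        String instance = slash < 0 ? "" : left.substring(slash + 1);
        if (primary.isEmpty()) return null;
        return new String[] { primary, instance, name.substring(at + 1) };
    }

    // The caller has already authenticated; this is the authorization decision.
    public boolean isAuthorized(String authenticatedCaller) {
        String[] c = split(authenticatedCaller);
        if (c == null) return false; // fail closed on anything unparseable
        return c[0].equals(allowed[0])
            && c[2].equals(allowed[2])
            && (allowed[1] == null || allowed[1].equals(c[1]));
    }

    public static void main(String[] args) {
        EndpointCallerCheck check = new EndpointCallerCheck("hbase/*@EXAMPLE.COM");
        for (String caller : List.of(
                "hbase/rs1.example.com@EXAMPLE.COM",     // peer service principal
                "alice@EXAMPLE.COM",                     // valid user, not the service
                "hbase/rs1.example.com@PARTNER.EXAMPLE", // KDC-trusted, other realm
                "hbase@")) {                             // malformed name
            System.out.println(caller + " -> " + (check.isAuthorized(caller) ? "allow" : "deny"));
        }
    }
}
```

Only the first sample caller is allowed; the other three are denied even though the second and third could hold tickets the endpoint's KDC accepts.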
