hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15200) ZooKeeper znode ACL checks should only compare the shortname
Date Fri, 05 Feb 2016 17:05:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134482#comment-15134482
] 

Hudson commented on HBASE-15200:
--------------------------------

FAILURE: Integrated in HBase-0.98-matrix #292 (See [https://builds.apache.org/job/HBase-0.98-matrix/292/])
Amend HBASE-15200 ZooKeeper znode ACL checks should only compare the (apurtell: rev f6e5c3290c5a0b3486c92077f37e55567ce05f57)
* hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java


> ZooKeeper znode ACL checks should only compare the shortname
> ------------------------------------------------------------
>
>                 Key: HBASE-15200
>                 URL: https://issues.apache.org/jira/browse/HBASE-15200
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0, 1.2.0, 1.0.3, 1.1.3, 0.98.17
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 2.0.0, 1.3.0, 1.2.1, 1.1.4, 1.0.4, 0.98.18
>
>         Attachments: HBASE-15200-branch-1.0.patch, HBASE-15200-branch-1.1.patch, HBASE-15200.patch,
HBASE-15200.patch
>
>
> After HBASE-13768 we check at startup in secure configurations if our znodes have the
correct ACLs. However when checking the ACL we compare the Kerberos fullname, which includes
the host component. We should only compare the shortname, the principal. Otherwise in a multimaster
configuration we will unnecessarily reset ACLs whenever any master running on a host other
than the one that initialized the ACLs makes the check. You can imagine this happening multiple
times in a rolling restart scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message