Return-Path: 
 <issues-return-238859-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1195C19023
	for <apmail-hbase-issues-archive@www.apache.org>;
 Fri,  8 Apr 2016 17:06:26 +0000 (UTC)
Received: (qmail 29996 invoked by uid 500); 8 Apr 2016 17:06:25 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 29899 invoked by uid 500); 8 Apr 2016 17:06:25 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 29867 invoked by uid 99); 8 Apr 2016 17:06:25 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Apr 2016 17:06:25 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 8D5622C1F5C
	for <issues@hbase.apache.org>; Fri,  8 Apr 2016 17:06:25 +0000 (UTC)
Date: Fri, 8 Apr 2016 17:06:25 +0000 (UTC)
From: "Andrew Purtell (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12957268.1460135122000.176792.1460135185576@Atlassian.JIRA>
In-Reply-To: <JIRA.12957268.1460135122000@Atlassian.JIRA>
References: <JIRA.12957268.1460135122000@Atlassian.JIRA>
 <JIRA.12957268.1460135122996@arcas>
Subject: [jira] [Commented] (HBASE-15618) Abort if security credentials
 become invalid
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-15618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232493#comment-15232493 ] 

Andrew Purtell commented on HBASE-15618:
----------------------------------------

This was with 0.98, but I don't think behavior of any later version is improved. 

> Abort if security credentials become invalid
> --------------------------------------------
>
>                 Key: HBASE-15618
>                 URL: https://issues.apache.org/jira/browse/HBASE-15618
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>
> We are investigating a production incident where a bad keytab push seems to have caused one regionsever, serving hot regions, to lose the ability to communicate with clients. After the fact we see this server threw a steady stream of GSS initiate failed errors and lingered in an unhealthy state for too long. HBase did not automatically take any corrective action, like an abort of the affected process, which would have recovered service without operator intervention. 
> Consider detecting and aborting if security credentials like the Kerberos keytab become invalid during runtime.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)