phoenix-dev mailing list archives

From "Josh Elser (JIRA)"
Subject [jira] [Resolved] (PHOENIX-3232) Automatic Kerberos login via JDBC url can result in clients using other's credentials
Date Thu, 01 Jun 2017 15:52:04 GMT


Josh Elser resolved PHOENIX-3232.
    Resolution: Not A Problem

In re-thinking about this one while working on PHOENIX-3891, I think we're not doing anything
"bad". We actually mimic the functionality of HBase.

My initial concern was about users doing:
    UserGroupInformation.loginUserFromKeytab(principal1, keytab1);
    Connection cnxn1 = DriverManager.getConnection("");
    // Actual: does stuff as user1
    UserGroupInformation.loginUserFromKeytab(principal2, keytab2);
    // Actual: does stuff as user1 (not as user2)

What actually happens in the above is that the PhoenixConnection is tied to the user that
was logged in at the time the Connection was instantiated. I thought this was prone to error,
but later realized that it's actually a result of what HBase does internally with its HConnection
(that we're caching).

It may still be "confusing" but it's not something we would address solely here in Phoenix.
Makes me think that I need to do a write-up for the website..

> Automatic Kerberos login via JDBC url can result in clients using other's credentials
> -------------------------------------------------------------------------------------
>                 Key: PHOENIX-3232
>                 URL:
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
> This is a recent topic of discussion that keeps coming up (PHOENIX-3189, PHOENIX-3216, and PHOENIX-3126).
> The root of the problem is two competing goals:
> 1. Try to re-use HBase Connections as much as possible
> 2. Change the "global" Kerberos user state (in UserGroupInformation)
> One common manifestation of this problem is when multiple JDBC URLs are used within a single JVM. Instances of PhoenixConnections are not tied to the user that was logged in at construction of the instance, but the global state (shared across the entire JVM). Thus, a second PhoenixConnection constructed with a different user causes the first PhoenixConnection to use the new user's credentials (without any warning).
> is a concrete example of how this breaks down. The [second use of the connection by "USER is actually done as the other user.

This message was sent by Atlassian JIRA
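
The following is an added illustration, not part of the original message and not Phoenix's own code. It shows one way to make the user behind each Connection explicit: log each principal in without replacing the JVM-wide login user, and instantiate the Connection inside that user's `doAs` scope. The principals, keytab paths and JDBC URL are placeholders, and the sketch assumes the behaviour described in the message (a Connection stays tied to the user that was current when it was instantiated).

```java
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

public class PerUserPhoenixConnections {
    // Placeholder URL: no principal/keytab in it, so the driver performs no login of its own.
    static final String URL = "jdbc:phoenix:<zookeeper-quorum>";

    /**
     * Logs the principal in from its keytab and opens a Connection as that user.
     * loginUserFromKeytabAndReturnUGI() does not change the JVM-wide login user,
     * unlike loginUserFromKeytab().
     */
    static Connection connectAs(String principal, String keytab) throws Exception {
        UserGroupInformation ugi =
            UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);
        // The cast selects the PrivilegedExceptionAction overload of doAs().
        return ugi.doAs((PrivilegedExceptionAction<Connection>) () ->
            DriverManager.getConnection(URL));
    }

    public static void main(String[] args) throws Exception {
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Placeholder principals and keytab paths (assumptions, not from the message).
        try (Connection asUser1 = connectAs("user1@EXAMPLE.COM", "/path/to/user1.keytab");
             Connection asUser2 = connectAs("user2@EXAMPLE.COM", "/path/to/user2.keytab")) {
            // Each Connection was instantiated under a different UGI. Per the message,
            // it keeps acting as that user regardless of later logins in this JVM.
            System.out.println("login user is still: " + UserGroupInformation.getLoginUser());
        }
    }
}
```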
