[
https://issues.apache.org/jira/browse/HBASE-13771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Duo Zhang resolved HBASE-13771.
-------------------------------
Resolution: Implemented
> Replication clients should not access zookeeper directly
> --------------------------------------------------------
>
> Key: HBASE-13771
> URL: https://issues.apache.org/jira/browse/HBASE-13771
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 1.0.1, 1.1.0, 0.98.12, 1.2.0, 2.0.0
> Reporter: Andrew Kyle Purtell
> Priority: Critical
>
> Replication client actions set and modify znodes directly. This is legacy
> from an era before we had the AccessController available and missing coverage
> of admin action in our security model.
> All replication client actions should be mediated by the master, and hooked
> up to the coprocessor framework for use by the AccessController. After adding
> this functionality we should should restrict access to replication znodes to
> only the HBase service principal, but provide a configuration option to relax
> those permissions for as long as older admin clients are in use (with a stern
> suggestion to upgrade ASAP). This type of functional change, with optional
> backwards compatibility, should be fine for all branches.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
