Josh Elser created PHOENIX-3891:
-----------------------------------
Summary: ConnectionQueryServices leak on auto-Kerberos-login
without REALM in URL
Key: PHOENIX-3891
URL: https://issues.apache.org/jira/browse/PHOENIX-3891
Project: Phoenix
Issue Type: Bug
Reporter: Josh Elser
Assignee: Josh Elser
Priority: Critical
Fix For: 4.11.0
PHOENIX-3189 fixed some logic in construction of a {{ConnectionInfo}} to, when
requested by the user, perform the Kerberos login and then construct and cache
the ConnectionInfo->ConnectionQueryServices pair.
This approach only works when the principal that the user provides in the JDBC
url is exactly what UGI returns as the short name. Logically equivalent
principals will result in re-logging in each time and leaking
ConnectionQueryService instances (and thus HConnection and ZooKeeper objects).
For example, with Kerberos principals there is a default realm which is implied
by krb5.conf when not explicitly provided. Thus: {{elserj}} and
{{elserj@APACHE}} would be considered logically equivalent (when the default
realm is "APACHE"). We should expand the {{isSameName}} check in ConnectionInfo
to be a bit smarter.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
