[
https://issues.apache.org/jira/browse/HBASE-13772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14558396#comment-14558396
]
Andrew Purtell commented on HBASE-13772:
----------------------------------------
Endpoints should restrict RPC access to only the HBase service principal, or,
optionally, a specific principal specified in site configuration.
I think this should be a blocker for all pending releases.
> Replication endpoints should restrict access to the service principal
> ---------------------------------------------------------------------
>
> Key: HBASE-13772
> URL: https://issues.apache.org/jira/browse/HBASE-13772
> Project: HBase
> Issue Type: Bug
> Reporter: Andrew Purtell
> Priority: Blocker
> Fix For: 2.0.0, 0.98.13, 1.0.2, 1.2.0, 1.1.1
>
>
> Replication endpoints will accept RPC connections from any Kerberos principal
> that is trusted by the endpoint's local KDC. This is far too open and may
> allow for the establishment of rogue endpoints (in conjunction with
> HBASE-13771).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
